diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 46ad3c1c34..624a1d6a72 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -151,7 +151,7 @@ public class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest { parameterSpec); KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); -// // Get keys + // Get keys serverPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); serverPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java index 72f4d041f3..c82845f20c 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java @@ -36,7 +36,7 @@ import org.thingsboard.server.service.telemetry.cmd.v2.EntityDataUpdate; import org.thingsboard.server.service.telemetry.cmd.v2.LatestValueCmd; import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.transport.lwm2m.secure.credentials.NoSecClientCredentialsConfig; +import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredentials; import java.util.Collections; import java.util.List; 
@@ -112,10 +112,10 @@ public class NoSecLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { Assert.assertEquals(device.getId(), deviceCredentials.getDeviceId()); deviceCredentials.setCredentialsType(DeviceCredentialsType.LWM2M_CREDENTIALS); - deviceCredentials.setCredentialsId(deviceAEndpoint); - LwM2MCredentials noSecCredentials = new LwM2MCredentials(); - noSecCredentials.setClient(new NoSecClientCredentialsConfig()); + NoSecClientCredentials clientCredentials = new NoSecClientCredentials(); + clientCredentials.setEndpoint(deviceAEndpoint); + noSecCredentials.setClient(clientCredentials); deviceCredentials.setCredentialsValue(JacksonUtil.toString(noSecCredentials)); doPost("/api/device/credentials", deviceCredentials).andExpect(status().isOk()); return device; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java index 06541e5c56..18749cfee5 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java @@ -22,6 +22,7 @@ import org.junit.Assert; import org.junit.Test; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.Device; +import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials; import org.thingsboard.server.common.data.query.EntityData; import org.thingsboard.server.common.data.query.EntityDataPageLink; import org.thingsboard.server.common.data.query.EntityDataQuery; 
@@ -37,7 +38,6 @@ import org.thingsboard.server.service.telemetry.cmd.v2.EntityDataUpdate; import org.thingsboard.server.service.telemetry.cmd.v2.LatestValueCmd; import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig; import java.util.Collections; import java.util.List; @@ -101,7 +101,7 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { private final String serverUri = "coaps://localhost:" + port; @NotNull - private Device createDevice(String credentialsId, X509ClientCredentialsConfig credentialsConfig) throws Exception { + private Device createDevice(X509ClientCredentials clientCredentials) throws Exception { Device device = new Device(); device.setName("Device A"); device.setDeviceProfileId(deviceProfile.getId()); @@ -114,13 +114,11 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { Assert.assertEquals(device.getId(), deviceCredentials.getDeviceId()); deviceCredentials.setCredentialsType(DeviceCredentialsType.LWM2M_CREDENTIALS); - deviceCredentials.setCredentialsId(credentialsId); + LwM2MCredentials credentials = new LwM2MCredentials(); - LwM2MCredentials X509Credentials = new LwM2MCredentials(); + credentials.setClient(clientCredentials); - X509Credentials.setClient(credentialsConfig); - - deviceCredentials.setCredentialsValue(JacksonUtil.toString(X509Credentials)); + deviceCredentials.setCredentialsValue(JacksonUtil.toString(credentials)); doPost("/api/device/credentials", deviceCredentials).andExpect(status().isOk()); return device; } 
@@ -128,8 +126,9 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { @Test public void testConnectAndObserveTelemetry() throws Exception { createDeviceProfile(TRANSPORT_CONFIGURATION); - - Device device = createDevice(endpoint, new X509ClientCredentialsConfig(null, null)); + X509ClientCredentials credentials = new X509ClientCredentials(); + credentials.setEndpoint(endpoint); + Device device = createDevice(credentials); SingleEntityFilter sef = new SingleEntityFilter(); sef.setSingleEntity(device.getId()); @@ -166,7 +165,10 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { @Test public void testConnectWithCertAndObserveTelemetry() throws Exception { createDeviceProfile(TRANSPORT_CONFIGURATION); - Device device = createDevice(null, new X509ClientCredentialsConfig(SslUtil.getCertificateString(clientX509CertNotTrusted), endpoint)); + X509ClientCredentials credentials = new X509ClientCredentials(); + credentials.setEndpoint(endpoint); + credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted)); + Device device = createDevice(credentials); SingleEntityFilter sef = new SingleEntityFilter(); sef.setSingleEntity(device.getId()); diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/PSKClientCredentialsConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/AbstractLwM2MClientCredentials.java similarity index 60% rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/PSKClientCredentialsConfig.java rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/AbstractLwM2MClientCredentials.java index 8de85ce72d..66eb523209 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/PSKClientCredentialsConfig.java 
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/AbstractLwM2MClientCredentials.java @@ -13,20 +13,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; -import lombok.Data; -import org.eclipse.leshan.core.SecurityMode; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; -import static org.eclipse.leshan.core.SecurityMode.PSK; - -@Data -public class PSKClientCredentialsConfig extends HasKey implements LwM2MClientCredentialsConfig { - private String identity; +@Getter +@Setter +@NoArgsConstructor +public abstract class AbstractLwM2MClientCredentials implements LwM2MClientCredentials { private String endpoint; - - @Override - public SecurityMode getSecurityConfigClientMode() { - return PSK; - } } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/HasKey.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/HasKey.java similarity index 78% rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/HasKey.java rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/HasKey.java index 65be16bfd6..ec62765298 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/HasKey.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/HasKey.java 
@@ -13,13 +13,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; -import org.eclipse.leshan.core.util.Hex; +import lombok.SneakyThrows; +import org.apache.commons.codec.binary.Hex; -public class HasKey { +public abstract class HasKey extends AbstractLwM2MClientCredentials { private byte[] key; + @SneakyThrows public void setKey(String key) { if (key != null) { this.key = Hex.decodeHex(key.toLowerCase().toCharArray()); diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentialsConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MClientCredentials.java similarity index 58% rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentialsConfig.java rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MClientCredentials.java index 65f027a849..adf0c2ae62 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentialsConfig.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MClientCredentials.java 
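Review bot: `@SneakyThrows` on `setKey` lets the checked `DecoderException` from `Hex.decodeHex` escape undeclared, so a malformed hex key surfaces as an exception type that no caller is written to catch. This setter is presumably what Jackson invokes when a credentials body is bound, so it would be clearer to catch the exception here and rethrow `throw new IllegalArgumentException("LwM2M key must be a hex string", e);`, keeping the key material itself out of the message. The remainder of `setKey` lies outside the hunk, so the null branch could not be checked.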
@@ -13,25 +13,24 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; import com.fasterxml.jackson.annotation.JsonIgnore; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonSubTypes; import com.fasterxml.jackson.annotation.JsonTypeInfo; -import org.eclipse.leshan.core.SecurityMode; -@JsonIgnoreProperties(ignoreUnknown = true) @JsonTypeInfo( use = JsonTypeInfo.Id.NAME, property = "securityConfigClientMode") @JsonSubTypes({ - @JsonSubTypes.Type(value = NoSecClientCredentialsConfig.class, name = "NO_SEC"), - @JsonSubTypes.Type(value = PSKClientCredentialsConfig.class, name = "PSK"), - @JsonSubTypes.Type(value = RPKClientCredentialsConfig.class, name = "RPK"), - @JsonSubTypes.Type(value = X509ClientCredentialsConfig.class, name = "X509")}) -public interface LwM2MClientCredentialsConfig { + @JsonSubTypes.Type(value = NoSecClientCredentials.class, name = "NO_SEC"), + @JsonSubTypes.Type(value = PSKClientCredentials.class, name = "PSK"), + @JsonSubTypes.Type(value = RPKClientCredentials.class, name = "RPK"), + @JsonSubTypes.Type(value = X509ClientCredentials.class, name = "X509")}) +public interface LwM2MClientCredentials { @JsonIgnore - SecurityMode getSecurityConfigClientMode(); + LwM2MSecurityMode getSecurityConfigClientMode(); + + String getEndpoint(); } diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MSecurityMode.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MSecurityMode.java new file mode 100644 index 0000000000..802fcd7efe --- /dev/null +++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/LwM2MSecurityMode.java 
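Review bot: Removing `@JsonIgnoreProperties(ignoreUnknown = true)` from the interface makes binding of the `client` object depend on how the shared mapper treats unknown fields, which this hunk does not show. If the mapper fails on unknown properties, credentials already stored with an extra field would stop deserializing at `JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class)` in the certificate verifier, and the affected device would no longer authenticate. Either keep the annotation or state in a Javadoc comment on `LwM2MClientCredentials` that strict parsing is intended. The new `getEndpoint()` also deserves a one-line comment saying whether it may return null, because `formatSimpleLwm2mCredentials` now uses its value as the credentials id.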
@@ -0,0 +1,20 @@
+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
+
+public enum LwM2MSecurityMode {
+ PSK, RPK, X509, NO_SEC;
+}
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/X509ClientCredentialsConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/NoSecClientCredentials.java
similarity index 55%
rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/X509ClientCredentialsConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/NoSecClientCredentials.java
index 563224fed2..7e54a9b63d 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/X509ClientCredentialsConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/NoSecClientCredentials.java
@@ -13,24 +13,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.NoArgsConstructor; -import org.eclipse.leshan.core.SecurityMode; - -import static org.eclipse.leshan.core.SecurityMode.X509; - -@Data -@NoArgsConstructor -@AllArgsConstructor -public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig { - private String cert; - private String endpoint; +public class NoSecClientCredentials extends AbstractLwM2MClientCredentials { @Override - public SecurityMode getSecurityConfigClientMode() { - return X509; + public LwM2MSecurityMode getSecurityConfigClientMode() { + return LwM2MSecurityMode.NO_SEC; } } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/NoSecClientCredentialsConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/PSKClientCredentials.java similarity index 65% rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/NoSecClientCredentialsConfig.java rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/PSKClientCredentials.java index 03933972c3..2566af7da8 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/NoSecClientCredentialsConfig.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/PSKClientCredentials.java 
@@ -13,16 +13,18 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; -import org.eclipse.leshan.core.SecurityMode; +import lombok.Getter; +import lombok.Setter; -import static org.eclipse.leshan.core.SecurityMode.NO_SEC; - -public class NoSecClientCredentialsConfig implements LwM2MClientCredentialsConfig { +@Getter +@Setter +public class PSKClientCredentials extends HasKey { + private String identity; @Override - public SecurityMode getSecurityConfigClientMode() { - return NO_SEC; + public LwM2MSecurityMode getSecurityConfigClientMode() { + return LwM2MSecurityMode.PSK; } } diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/RPKClientCredentials.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/RPKClientCredentials.java new file mode 100644 index 0000000000..fe329558f8 --- /dev/null +++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/RPKClientCredentials.java 
@@ -0,0 +1,24 @@
+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
+
+public class RPKClientCredentials extends HasKey {
+
+ @Override
+ public LwM2MSecurityMode getSecurityConfigClientMode() {
+ return LwM2MSecurityMode.RPK;
+ }
+}
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/RPKClientCredentialsConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/X509ClientCredentials.java
similarity index 65%
rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/RPKClientCredentialsConfig.java
rename to common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/X509ClientCredentials.java
index 025c8b3b10..712dcab5eb 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/RPKClientCredentialsConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/device/credentials/lwm2m/X509ClientCredentials.java
@@ -13,16 +13,18 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.thingsboard.server.transport.lwm2m.secure.credentials; +package org.thingsboard.server.common.data.device.credentials.lwm2m; -import org.eclipse.leshan.core.SecurityMode; +import lombok.Getter; +import lombok.Setter; -import static org.eclipse.leshan.core.SecurityMode.RPK; - -public class RPKClientCredentialsConfig extends HasKey implements LwM2MClientCredentialsConfig { +@Getter +@Setter +public class X509ClientCredentials extends AbstractLwM2MClientCredentials { + private String cert; @Override - public SecurityMode getSecurityConfigClientMode() { - return RPK; + public LwM2MSecurityMode getSecurityConfigClientMode() { + return LwM2MSecurityMode.X509; } } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java index cd78cd4c1e..8d90b2a86b 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java 
@@ -17,21 +17,21 @@ package org.thingsboard.server.transport.lwm2m.secure; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.eclipse.leshan.core.SecurityMode; import org.eclipse.leshan.core.util.SecurityUtil; import org.eclipse.leshan.server.security.SecurityInfo; import org.springframework.stereotype.Component; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.StringUtils; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode; import org.thingsboard.server.common.transport.TransportServiceCallback; import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse; import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; -import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentialsConfig; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.transport.lwm2m.secure.credentials.PSKClientCredentialsConfig; -import org.thingsboard.server.transport.lwm2m.secure.credentials.RPKClientCredentialsConfig; +import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials; +import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredentials; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportUtil; 
@@ -97,8 +97,8 @@ public class LwM2mCredentialsSecurityInfoValidator { if (credentials != null) { if (keyValue.equals(LwM2mTransportUtil.LwM2mTypeServer.BOOTSTRAP)) { result.setBootstrapCredentialConfig(credentials.getBootstrap()); - if (SecurityMode.PSK.equals(credentials.getClient().getSecurityConfigClientMode())) { - PSKClientCredentialsConfig pskClientConfig = (PSKClientCredentialsConfig) credentials.getClient(); + if (LwM2MSecurityMode.PSK.equals(credentials.getClient().getSecurityConfigClientMode())) { + PSKClientCredentials pskClientConfig = (PSKClientCredentials) credentials.getClient(); endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint; } result.setEndpoint(endpoint); @@ -130,8 +130,8 @@ public class LwM2mCredentialsSecurityInfoValidator { result.setSecurityMode(NO_SEC); } - private void createClientSecurityInfoPSK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) { - PSKClientCredentialsConfig pskConfig = (PSKClientCredentialsConfig) clientCredentialsConfig; + private void createClientSecurityInfoPSK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) { + PSKClientCredentials pskConfig = (PSKClientCredentials) clientCredentialsConfig; if (StringUtils.isNotEmpty(pskConfig.getIdentity())) { try { if (pskConfig.getKey() != null && pskConfig.getKey().length > 0) { 
@@ -149,8 +149,8 @@ public class LwM2mCredentialsSecurityInfoValidator { } } - private void createClientSecurityInfoRPK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) { - RPKClientCredentialsConfig rpkConfig = (RPKClientCredentialsConfig) clientCredentialsConfig; + private void createClientSecurityInfoRPK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) { + RPKClientCredentials rpkConfig = (RPKClientCredentials) clientCredentialsConfig; try { if (rpkConfig.getKey() != null) { PublicKey key = SecurityUtil.publicKey.decode(rpkConfig.getKey()); @@ -164,7 +164,7 @@ public class LwM2mCredentialsSecurityInfoValidator { } } - private void createClientSecurityInfoX509(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) { + private void createClientSecurityInfoX509(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) { result.setSecurityInfo(SecurityInfo.newX509CertInfo(endpoint)); result.setSecurityMode(X509); } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index d2542192bf..e83532d2cc 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -15,7 +15,6 @@ */ package org.thingsboard.server.transport.lwm2m.secure; -import com.fasterxml.jackson.databind.JsonNode; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.eclipse.californium.elements.util.CertPathUtil; 
@@ -30,12 +29,12 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; import org.eclipse.californium.scandium.util.ServerNames; -import org.eclipse.leshan.core.SecurityMode; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.util.StringUtils; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.DeviceProfile; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode; import org.thingsboard.server.common.msg.EncryptionUtil; import org.thingsboard.server.common.transport.TransportService; import org.thingsboard.server.common.transport.TransportServiceCallback; @@ -44,7 +43,7 @@ import org.thingsboard.server.common.transport.util.SslUtil; import org.thingsboard.server.gen.transport.TransportProtos; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig; +import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import javax.annotation.PostConstruct; 
@@ -140,10 +139,10 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); - if(!credentials.getClient().getSecurityConfigClientMode().equals(SecurityMode.X509)){ + if(!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)){ continue; } - X509ClientCredentialsConfig config = (X509ClientCredentialsConfig) credentials.getClient(); + X509ClientCredentials config = (X509ClientCredentials) credentials.getClient(); String certBody = config.getCert(); String endpoint = config.getEndpoint(); if (strCert.equals(certBody)) { diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java index 09c27f0e42..bbc733b40b 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java @@ -16,10 +16,11 @@ package org.thingsboard.server.transport.lwm2m.secure.credentials; import lombok.Data; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials; import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig; @Data public class LwM2MCredentials { - private LwM2MClientCredentialsConfig client; + private LwM2MClientCredentials client; private LwM2MBootstrapConfig bootstrap; } 
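Review bot: `credentials.getClient()` is dereferenced on the changed line without a null check, so a stored credentials value that parses but has no `client` object would throw a NullPointerException during certificate verification instead of being skipped. Guarding it with `if (credentials.getClient() == null || credentials.getClient().getSecurityConfigClientMode() != LwM2MSecurityMode.X509) { continue; }` lets a malformed record be passed over like any other non-X509 entry. The enclosing method and its loop begin outside the hunk, so how an exception is handled further up is not visible here.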
diff --git a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java index 426e7025c0..5349df1fc7 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java @@ -16,7 +16,6 @@ package org.thingsboard.server.dao.device; -import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; import lombok.extern.slf4j.Slf4j; import org.hibernate.exception.ConstraintViolationException; @@ -28,6 +27,9 @@ import org.springframework.util.StringUtils; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.Device; import org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials; +import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials; +import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials; import org.thingsboard.server.common.data.id.DeviceId; import org.thingsboard.server.common.data.id.EntityId; import org.thingsboard.server.common.data.id.TenantId; @@ -133,7 +135,6 @@ public class DeviceCredentialsServiceImpl extends AbstractEntityService implemen deviceCredentials.setCredentialsValue(JacksonUtil.toString(mqttCredentials)); } - private void formatCertData(DeviceCredentials deviceCredentials) { String cert = EncryptionUtil.trimNewLines(deviceCredentials.getCredentialsValue()); String sha3Hash = EncryptionUtil.getSha3Hash(cert); 
@@ -142,18 +143,48 @@ public class DeviceCredentialsServiceImpl extends AbstractEntityService implemen } private void formatSimpleLwm2mCredentials(DeviceCredentials deviceCredentials) { - ObjectNode json = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), ObjectNode.class); - JsonNode client = json.get("client"); - if (client != null && client.get("securityConfigClientMode").asText().equals("X509") && client.has("cert")) { - JsonNode certJson = client.get("cert"); - if (!certJson.isNull()) { - String cert = EncryptionUtil.trimNewLines(certJson.asText()); - String sha3Hash = EncryptionUtil.getSha3Hash(cert); - deviceCredentials.setCredentialsId(sha3Hash); - ((ObjectNode) client).put("cert", cert); - deviceCredentials.setCredentialsValue(JacksonUtil.toString(json)); + LwM2MClientCredentials clientCredentials; + ObjectNode json; + try { + json = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), ObjectNode.class); + if (json == null) { + throw new IllegalArgumentException(); } + clientCredentials = JacksonUtil.convertValue(json.get("client"), LwM2MClientCredentials.class); + if (clientCredentials == null) { + throw new IllegalArgumentException(); + } + } catch (IllegalArgumentException e) { + throw new DataValidationException("Invalid credentials body for LwM2M credentials!"); } + + String credentialsId; + + switch (clientCredentials.getSecurityConfigClientMode()) { + case NO_SEC: + case RPK: + credentialsId = clientCredentials.getEndpoint(); + break; + case PSK: + credentialsId = ((PSKClientCredentials) clientCredentials).getIdentity(); + break; + case X509: + X509ClientCredentials x509Config = (X509ClientCredentials) clientCredentials; + if (x509Config.getCert() != null) { + String cert = EncryptionUtil.trimNewLines(x509Config.getCert()); + String sha3Hash = EncryptionUtil.getSha3Hash(cert); + x509Config.setCert(cert); + ((ObjectNode) json.get("client")).put("cert", cert); + 
deviceCredentials.setCredentialsValue(JacksonUtil.toString(json)); + credentialsId = sha3Hash; + } else { + credentialsId = x509Config.getEndpoint(); + } + break; + default: + throw new DataValidationException("Invalid credentials body for LwM2M credentials!"); + } + deviceCredentials.setCredentialsId(credentialsId); } @Override
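Review bot: In `formatSimpleLwm2mCredentials` the credentials id is taken from `getEndpoint()` or `getIdentity()` without checking that the value is present. A NO_SEC, RPK, PSK or cert-less X509 body that omits the field therefore stores a null or empty `credentialsId`, which appears to be the key the credentials are later looked up by. Reject that case before the final setter, for example `if (!StringUtils.hasText(credentialsId)) { throw new DataValidationException("Invalid credentials body for LwM2M credentials!"); }`. The `catch (IllegalArgumentException e)` block also discards `e`; logging it at debug level would make a rejected body diagnosable without echoing the credentials back to the caller.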