Merge pull request #5661 from thingsboard/lwm2m_cert_trust_server

[3.3.3] Lwm2m cert trust server
Igor Kulikov 2021-12-16 17:33:27 +02:00 committed by GitHub
commit 4fa0b7d4ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 8 deletions


@ -120,7 +120,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
TbLwM2MSecurityInfo securityInfo = null;
// verify if trust
if (config.getTrustSslCredentials().getTrustedCertificates().length > 0) {
if (searchIssuer(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) {
if (verifyIssuer(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) {
String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN");
securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, CLIENT) : null;
}
@ -193,13 +193,16 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
}
private static X509Certificate searchIssuer(X509Certificate certificate, X509Certificate[] certificates) {
X500Principal subject = certificate.getIssuerX500Principal();
for (int index = 0; index < certificates.length; ++index) {
X509Certificate trust = certificates[index];
if (trust != null && subject.equals(trust.getIssuerX500Principal())) {
if (verifyCertificate(certificate)) {
return certificate;
private X509Certificate verifyIssuer(X509Certificate certificate, X509Certificate[] certificates) {
String issuerCN = config.getTrustSslCredentials().getValueFromSubjectNameByKey(certificate.getIssuerX500Principal().getName(), "CN");
if (!StringUtils.isBlank(issuerCN)) {
for (int index = 0; index < certificates.length; ++index) {
X509Certificate trust = certificates[index];
String trustCN = config.getTrustSslCredentials().getValueFromSubjectNameByKey(trust.getSubjectX500Principal().getName(), "CN");
if (!StringUtils.isBlank(trustCN) && issuerCN.length() >= trustCN.length() && issuerCN.substring(issuerCN.length()-trustCN.length()).equals(trustCN)) {
if (verifyCertificate(certificate)) {
return certificate;
}
}
}
}
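Review bot: In `verifyIssuer` the issuer is accepted when its CN merely ends with a trusted certificate's CN (`issuerCN.substring(issuerCN.length()-trustCN.length()).equals(trustCN)`), so the trust decision rests on a string suffix of one RDN rather than on the full distinguished name. The loop also drops the `trust != null` guard that the removed `searchIssuer` had, so a null array entry would throw at `trust.getSubjectX500Principal()`. I would change the condition to `if (trust != null && certificate.getIssuerX500Principal().equals(trust.getSubjectX500Principal())) {`, or document why a suffix match is intended. `verifyCertificate(certificate)` is not passed `trust`, so from this hunk it does not appear to check the signature against the matched anchor; if nothing else does, a `certificate.verify(trust.getPublicKey())` check belongs next to the name match. The tail of the method lies outside the hunk.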