Renaming of the lwm2m configuration properties

application/src/main/resources/thingsboard.yml

@@ -647,42 +647,40 @@ transport:
       bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
       bind_port: "${LWM2M_BIND_PORT:5685}"
       security:
-        bind_address: "${LWM2M_BIND_ADDRESS_SECURITY:0.0.0.0}"
-        bind_port: "${LWM2M_BIND_PORT_SECURITY:5686}"
+        bind_address: "${LWM2M_SECURITY_BIND_ADDRESS:0.0.0.0}"
+        bind_port: "${LWM2M_SECURITY_BIND_PORT:5686}"
         # Only Certificate_x509:
-        alias: "${LWM2M_KEYSTORE_SERVER_ALIAS:server}"
-        password: "${LWM2M_KEYSTORE_SERVER_PASSWORD:server_ks_password}"
+        key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
+        key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
         skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
     bootstrap:
       enable: "${LWM2M_ENABLED_BS:true}"
       id: "${LWM2M_SERVER_ID_BS:111}"
-      bind_address: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"
-      bind_port: "${LWM2M_BIND_PORT_BS:5687}"
+      bind_address: "${LWM2M_BS_BIND_ADDRESS:0.0.0.0}"
+      bind_port: "${LWM2M_BS_BIND_PORT:5687}"
       security:
-        bind_address: "${LWM2M_BIND_ADDRESS_SECURITY_BS:0.0.0.0}"
-        bind_port: "${LWM2M_BIND_PORT_SECURITY_BS:5688}"
+        bind_address: "${LWM2M_BS_SECURITY_BIND_ADDRESS:0.0.0.0}"
+        bind_port: "${LWM2M_BS_SECURITY_BIND_PORT:5688}"
         # Only Certificate_x509:
-        alias: "${LWM2M_KEYSTORE_BS_ALIAS:bootstrap}"
-        password: "${LWM2M_KEYSTORE_BS_PASSWORD:server_ks_password}"
+        key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
+        key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
     security:
       # Certificate_x509:
       # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format
       # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
       key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}"
       # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks"
-      key_store: "${LWM2M_KEY_STORE:lwm2mserver.jks}"
-      key_store_password: "${LWM2M_KEY_STORE_PASSWORD:server_ks_password}"
-      root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"
-      enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}"
+      key_store: "${LWM2M_KEYSTORE:lwm2mserver.jks}"
+      key_store_password: "${LWM2M_KEYSTORE_PASSWORD:server_ks_password}"
+      root_alias: "${LWM2M_SERVER_ROOT_CA_ALIAS:rootca}"
+      recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
+      recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
     timeout: "${LWM2M_TIMEOUT:120000}"
-    recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
-    recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
     uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}"
     downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}"
     ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}"
-    registration_store_pool_size: "${LWM2M_REGISTRATION_STORE_POOL_SIZE:100}"
     clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}"
-    log_max_length: "${LWM2M_LOG_MAX_LENGTH:100}"
+    log_max_length: "${LWM2M_LOG_MAX_LENGTH:1024}"
     # Use redis for Security and Registration stores
     redis.enabled: "${LWM2M_REDIS_ENABLED:false}"
   snmp:

application/src/test/resources/application-test.properties

@@ -1,7 +1,7 @@
 transport.lwm2m.security.key_store=lwm2m/credentials/serverKeyStore.jks
 transport.lwm2m.security.key_store_password=server
 edges.enabled=true
-transport.lwm2m.server.security.alias=server
-transport.lwm2m.server.security.password=server
-transport.lwm2m.bootstrap.security.alias=server
-transport.lwm2m.bootstrap.security.password=server
+transport.lwm2m.server.security.key_alias=server
+transport.lwm2m.server.security.key_password=server
+transport.lwm2m.bootstrap.security.key_alias=server
+transport.lwm2m.bootstrap.security.key_password=server

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapService.java

@@ -18,48 +18,26 @@ package org.thingsboard.server.transport.lwm2m.bootstrap;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
-import org.eclipse.leshan.core.util.Hex;
 import org.eclipse.leshan.server.bootstrap.BootstrapSessionManager;
 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServer;
 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServerBuilder;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.stereotype.Component;
-import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapSecurityStore;
 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MInMemoryBootstrapConfigStore;
 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2mDefaultBootstrapSessionManager;
 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportBootstrapConfig;
 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
-import org.thingsboard.server.transport.lwm2m.secure.LWM2MGenerationPSkRPkECC;
 import org.thingsboard.server.transport.lwm2m.server.DefaultLwM2mTransportService;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
-import java.math.BigInteger;
-import java.security.AlgorithmParameters;
-import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import java.security.interfaces.ECPublicKey;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
 
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CCM_8;
 import static org.thingsboard.server.transport.lwm2m.server.LwM2mNetworkConfig.getCoapConfig;
 
 @Slf4j
@@ -78,9 +56,6 @@ public class LwM2MTransportBootstrapService {
 
     @PostConstruct
     public void init() {
-        if (serverConfig.getEnableGenNewKeyPskRpk()) {
-            new LWM2MGenerationPSkRPkECC();
-        }
         log.info("Starting LwM2M transport bootstrap server...");
         this.server = getLhBootstrapServer();
         this.server.start();

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/config/LwM2MTransportBootstrapConfig.java

@@ -47,11 +47,11 @@ public class LwM2MTransportBootstrapConfig implements LwM2MSecureServerConfig {
     private Integer securePort;
 
     @Getter
-    @Value("${transport.lwm2m.bootstrap.security.alias:}")
+    @Value("${transport.lwm2m.bootstrap.security.key_alias:}")
     private String certificateAlias;
 
     @Getter
-    @Value("${transport.lwm2m.bootstrap.security.password:}")
+    @Value("${transport.lwm2m.bootstrap.security.key_password:}")
     private String certificatePassword;
 
 }

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/config/LwM2MTransportServerConfig.java

@@ -53,11 +53,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
     private long sessionReportTimeout;
 
     @Getter
-    @Value("${transport.lwm2m.recommended_ciphers:}")
+    @Value("${transport.lwm2m.security.recommended_ciphers:}")
     private boolean recommendedCiphers;
 
     @Getter
-    @Value("${transport.lwm2m.recommended_supported_groups:}")
+    @Value("${transport.lwm2m.security.recommended_supported_groups:}")
     private boolean recommendedSupportedGroups;
 
     @Getter
@@ -96,10 +96,6 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
     @Value("${transport.lwm2m.security.root_alias:}")
     private String rootCertificateAlias;
 
-    @Getter
-    @Value("${transport.lwm2m.security.enable_gen_new_key_psk_rpk:}")
-    private Boolean enableGenNewKeyPskRpk;
-
     @Getter
     @Value("${transport.lwm2m.server.id:}")
     private Integer id;
@@ -121,11 +117,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
     private Integer securePort;
 
     @Getter
-    @Value("${transport.lwm2m.server.security.alias:}")
+    @Value("${transport.lwm2m.server.security.key_alias:}")
     private String certificateAlias;
 
     @Getter
-    @Value("${transport.lwm2m.server.security.password:}")
+    @Value("${transport.lwm2m.server.security.key_password:}")
     private String certificatePassword;
 
     @Getter

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LWM2MGenerationPSkRPkECC.java

@@ -1,110 +0,0 @@
-/**
- * Copyright © 2016-2021 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.transport.lwm2m.secure;
-
-import lombok.extern.slf4j.Slf4j;
-import org.eclipse.leshan.core.util.Hex;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.interfaces.ECPublicKey;
-import java.security.spec.ECGenParameterSpec;
-import java.util.Arrays;
-
-@Slf4j
-public class LWM2MGenerationPSkRPkECC {
-
-    public LWM2MGenerationPSkRPkECC() {
-        generationPSkKey();
-        generationRPKECCKey();
-    }
-
-    private void generationPSkKey() {
-        /* PSK */
-        int lenPSkKey = 32;
-        /* Start PSK
-          Clients and Servers MUST support PSK keys of up to 64 bytes in length, as required by [RFC7925]
-          SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in [RFC4086]
-          */
-        SecureRandom randomPSK = new SecureRandom();
-        byte[] bytesPSK = new byte[lenPSkKey];
-        randomPSK.nextBytes(bytesPSK);
-        log.info("\nCreating new PSK: \n for the next start PSK -> security key: [{}]", Hex.encodeHexString(bytesPSK));
-    }
-
-    private void generationRPKECCKey() {
-        /* RPK */
-        String algorithm = "EC";
-        String provider = "SunEC";
-        String nameParameterSpec = "secp256r1";
-
-        /* Start RPK
-          Elliptic Curve parameters  : [secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)]
-          */
-        KeyPairGenerator kpg = null;
-        try {
-            kpg = KeyPairGenerator.getInstance(algorithm, provider);
-        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
-            log.error("", e);
-        }
-        ECGenParameterSpec ecsp = new ECGenParameterSpec(nameParameterSpec);
-        try {
-            kpg.initialize(ecsp);
-        } catch (InvalidAlgorithmParameterException e) {
-            log.error("", e);
-        }
-
-        KeyPair kp = kpg.genKeyPair();
-        PrivateKey privKey = kp.getPrivate();
-        PublicKey pubKey = kp.getPublic();
-
-        if (pubKey instanceof ECPublicKey) {
-            ECPublicKey ecPublicKey = (ECPublicKey) pubKey;
-            /* Get x coordinate */
-            byte[] x = ecPublicKey.getW().getAffineX().toByteArray();
-            if (x[0] == 0)
-                x = Arrays.copyOfRange(x, 1, x.length);
-
-            /* Get Y coordinate */
-            byte[] y = ecPublicKey.getW().getAffineY().toByteArray();
-            if (y[0] == 0)
-                y = Arrays.copyOfRange(y, 1, y.length);
-
-            /* Get Curves params */
-            String privHex = Hex.encodeHexString(privKey.getEncoded());
-            log.info("\nCreating new RPK for the next start... \n" +
-                            " Public Key (Hex): [{}]\n" +
-                            " Private Key (Hex): [{}]" +
-                            " public_x :  [{}] \n" +
-                            " public_y :  [{}] \n" +
-                            " private_encode : [{}] \n" +
-                            " Elliptic Curve parameters  : [{}] \n",
-                    Hex.encodeHexString(pubKey.getEncoded()),
-                    privHex,
-                    Hex.encodeHexString(x),
-                    Hex.encodeHexString(y),
-                    privHex,
-                    ecPublicKey.getParams().toString());
-        }
-    }
-}
-

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/DefaultLwM2mTransportService.java

@@ -29,7 +29,6 @@ import org.springframework.stereotype.Component;
 import org.thingsboard.server.cache.ota.OtaPackageDataCache;
 import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
-import org.thingsboard.server.transport.lwm2m.secure.LWM2MGenerationPSkRPkECC;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MAuthorizer;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MDtlsCertificateVerifier;
 import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext;
@@ -74,9 +73,6 @@ public class DefaultLwM2mTransportService implements LwM2MTransportService {
 
     @PostConstruct
     public void init() {
-        if (config.getEnableGenNewKeyPskRpk()) {
-            new LWM2MGenerationPSkRPkECC();
-        }
         this.server = getLhServer();
         /*
          * Add a resource to the server.

transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml

@@ -106,41 +106,40 @@ transport:
       bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
       bind_port: "${LWM2M_BIND_PORT:5685}"
       security:
-        bind_address: "${LWM2M_BIND_ADDRESS_SECURITY:0.0.0.0}"
-        bind_port: "${LWM2M_BIND_PORT_SECURITY:5686}"
+        bind_address: "${LWM2M_SECURITY_BIND_ADDRESS:0.0.0.0}"
+        bind_port: "${LWM2M_SECURITY_BIND_PORT:5686}"
         # Only Certificate_x509:
-        alias: "${LWM2M_KEYSTORE_SERVER_ALIAS:server}"
-        password: "${LWM2M_KEYSTORE_SERVER_PASSWORD:server_ks_password}"
+        key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
+        key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
         skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
     bootstrap:
       enable: "${LWM2M_ENABLED_BS:true}"
       id: "${LWM2M_SERVER_ID_BS:111}"
-      bind_address: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"
-      bind_port: "${LWM2M_BIND_PORT_BS:5687}"
+      bind_address: "${LWM2M_BS_BIND_ADDRESS:0.0.0.0}"
+      bind_port: "${LWM2M_BS_BIND_PORT:5687}"
       security:
-        bind_address: "${LWM2M_BIND_ADDRESS_SECURITY_BS:0.0.0.0}"
-        bind_port: "${LWM2M_BIND_PORT_SECURITY_BS:5688}"
+        bind_address: "${LWM2M_BS_SECURITY_BIND_ADDRESS:0.0.0.0}"
+        bind_port: "${LWM2M_BS_SECURITY_BIND_PORT:5688}"
         # Only Certificate_x509:
-        alias: "${LWM2M_KEYSTORE_BS_ALIAS:bootstrap}"
-        password: "${LWM2M_KEYSTORE_BS_PASSWORD:server_ks_password}"
+        key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
+        key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
     security:
       # Certificate_x509:
       # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format
       # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
       key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}"
       # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks"
-      key_store: "${LWM2M_KEY_STORE:lwm2mserver.jks}"
-      key_store_password: "${LWM2M_KEY_STORE_PASSWORD:server_ks_password}"
-      root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"
-      enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}"
+      key_store: "${LWM2M_KEYSTORE:lwm2mserver.jks}"
+      key_store_password: "${LWM2M_KEYSTORE_PASSWORD:server_ks_password}"
+      root_alias: "${LWM2M_SERVER_ROOT_CA_ALIAS:rootca}"
+      recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
+      recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
     timeout: "${LWM2M_TIMEOUT:120000}"
-    recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
-    recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
     uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}"
     downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}"
     ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}"
     clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}"
-    log_max_length: "${LWM2M_LOG_MAX_LENGTH:100}"
+    log_max_length: "${LWM2M_LOG_MAX_LENGTH:1024}"
     # Use redis for Security and Registration stores
     redis.enabled: "${LWM2M_REDIS_ENABLED:false}"