lwm2m delete security files jks and in yml security enable = false

2021-12-30 12:31:21 +02:00 · 2021-12-30 12:31:21 +02:00 · c655b58977
commit c655b58977
parent 283ec2aa1a
9 changed files with 10 additions and 877 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -733,7 +733,7 @@ transport:
        # Server X509 Certificates support
        credentials:
          # Whether to enable LWM2M server X509 Certificate/RPK support
-          enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}"
+          enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}"
          # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
          type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}"
          # PEM server credentials
@ -769,7 +769,7 @@ transport:
        # Bootstrap server X509 Certificates support
        credentials:
          # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support
-          enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}"
+          enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}"
          # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
          type:  "${LWM2M_BS_CREDENTIALS_TYPE:PEM}"
          # PEM server credentials
@ -796,19 +796,19 @@ transport:
      # X509 trust certificates
      trust-credentials:
        # Whether to load X509 trust certificates
-        enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}"
+        enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}"
        # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore)
        type:  "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}"
        # PEM certificates
        pem:
          # Path to the certificates file (holds trust certificates)
-          cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mserver.pem}"
+          cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mtruststorechain.pem}"
        # Keystore with trust certificates
        keystore:
          # Type of the key store
          type: "${LWM2M_TRUST_KEY_STORE_TYPE:JKS}"
          # Path to the key store that holds the X509 certificates
-          store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mserver.jks}"
+          store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mtruststorechain.jks}"
          # Password used to access the key store
          store_password: "${LWM2M_TRUST_KEY_STORE_PASSWORD:server_ks_password}"
      recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
--- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
+++ b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
@ -1,359 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2016-2021 The Thingsboard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password
-
-#p) CLIENT_CN=$CLIENT_PREFIX00000000
-#s) client_start=0
-#f) client_finish=1
-#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000
-#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000
-#b) BOOTSTRAP_ALIAS=bootstrap
-#d) SERVER_ALIAS=server
-#j) SERVER_STORE=serverKeyStore.jks
-#k) CLIENT_STORE=clientKeyStore.jks
-#c) CLIENT_STORE_PWD=client_ks_password
-#w) SERVER_STORE_PWD=server_ks_password
-#l) ROOT_KEY_ALIAS=root_key_alias
-
-while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do
-  case "${flag}" in
-  p) client_pref=${OPTARG} ;;
-  s) client_start=${OPTARG} ;;
-  f) client_finish=${OPTARG} ;;
-  a) client_alias_pref=${OPTARG} ;;
-  e) client_self_alias_pref=${OPTARG} ;;
-  b) bootstrap_alias=${OPTARG} ;;
-  d) server_alias=${OPTARG} ;;
-  j) key_store_server_file=${OPTARG} ;;
-  k) key_store_client_file=${OPTARG} ;;
-  c) client_key_store_pwd=${OPTARG} ;;
-  w) server_key_store_pwd=${OPTARG} ;;
-  w) root_key_alias=${OPTARG} ;;
-  esac
-done
-
-# cd to dir of script
-script_dir=$(dirname $0)
-echo "script_dir: $script_dir"
-cd $script_dir
-# source the properties:
-. ./lwM2M_keygen.properties
-
-if [ -n "$client_pref" ]; then
-  CLIENT_PREFIX=$client_pref
-fi
-
-if [ -z "$client_start" ]; then
-  client_start=0
-fi
-
-if [ -z "$client_finish" ]; then
-  client_finish=1
-fi
-
-if [ -n "$client_alias_pref" ]; then
-  CLIENT_ALIAS_PREFIX=$client_alias_pref
-fi
-
-if [ -n "$client_self_alias_pref" ]; then
-  CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref
-fi
-
-if [ -n "$bootstrap_alias" ]; then
-  BOOTSTRAP_ALIAS=$bootstrap_alias
-fi
-
-if [ -n "$server_alias" ]; then
-  SERVER_ALIAS=$server_alias
-fi
-
-if [ -n "$key_store_server_file" ]; then
-  SERVER_STORE=$key_store_server_file
-fi
-
-if [ -n "$key_store_client_file" ]; then
-  CLIENT_STORE=$key_store_client_file
-fi
-
-if [ -n "$client_key_store_pwd" ]; then
-  CLIENT_STORE_PWD=$client_key_store_pwd
-fi
-
-if [ -n "$server_key_store_pwd" ]; then
-  SERVER_STORE_PWD=$server_key_store_pwd
-fi
-
-if [ -n "$root_key_alias" ]; then
-  ROOT_KEY_ALIAS=$root_key_alias
-fi
-
-CLIENT_NUMBER=$client_start
-
-echo "==Start=="
-echo "CLIENT_PREFIX: $CLIENT_PREFIX"
-echo "client_start: $client_start"
-echo "client_finish: $client_finish"
-echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX"
-echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX"
-echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS"
-echo "SERVER_ALIAS: $SERVER_ALIAS"
-echo "SERVER_STORE: $SERVER_STORE"
-echo "CLIENT_STORE: $CLIENT_STORE"
-echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD"
-echo "SERVER_STORE_PWD: $SERVER_STORE_PWD"
-echo "CLIENT_NUMBER: $CLIENT_NUMBER"
-echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS"
-
-end_point() {
-  echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-client_alias_point() {
-  echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-client_self_alias_point() {
-  echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-# Generation of the keystore.
-echo "${H0}====START========${RESET}"
-echo "${H1}Server Keystore : ${RESET}"
-echo "${H1}==================${RESET}"
-echo "${H2}Creating the trusted root CA key and certificate...${RESET}"
-# -keysize
-#    1024 (when using -genkeypair)
-keytool \
-  -genkeypair \
-  -alias $ROOT_KEY_ALIAS \
-  -keyalg EC \
-  -dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-
-echo
-echo "${H2}Creating server key and self-signed  certificate ...${RESET}"
-keytool \
-  -genkeypair \
-  -alias $SERVER_ALIAS \
-  -keyalg EC \
-  -dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-keytool \
-  -exportcert \
-  -alias $SERVER_ALIAS \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -importcert \
-    -alias $SERVER_SELF_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -noprompt
-
-echo
-echo "${H2}Creating server certificate signed by root CA...${RESET}"
-keytool \
-  -certreq \
-  -alias $SERVER_ALIAS \
-  -dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -gencert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -storetype $STORETYPE \
-    -validity $VALIDITY |
-  keytool \
-    -importcert \
-    -alias $SERVER_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD
-
-echo
-echo "${H2}Creating bootstrap key and self-signed  certificate ...${RESET}"
-keytool \
-  -genkeypair \
-  -alias $BOOTSTRAP_ALIAS \
-  -keyalg EC \
-  -dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-keytool \
-  -exportcert \
-  -alias $BOOTSTRAP_ALIAS \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -importcert \
-    -alias $BOOTSTRAP_SELF_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -noprompt
-
-echo
-echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}"
-keytool \
-  -certreq \
-  -alias $BOOTSTRAP_ALIAS \
-  -dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -gencert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -storetype $STORETYPE \
-    -validity $VALIDITY |
-  keytool \
-    -importcert \
-    -alias $BOOTSTRAP_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD
-
-if [ "$client_start" -lt "$client_finish" ]; then
-  echo
-  echo "${H2}Import root certificate just to be able to import  need by root CA with expected CN to $CLIENT_STORE${RESET}"
-  keytool \
-    -exportcert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD |
-    keytool \
-      -importcert \
-      -alias $ROOT_KEY_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-fi
-
-cert_end_point() {
-  echo
-  echo "${H1}Client Keystore : ${RESET}"
-  echo "${H1}==================${RESET}"
-  echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}"
-  keytool \
-    -genkeypair \
-    -alias $CLIENT_ALIAS \
-    -keyalg EC \
-    -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-    -validity $VALIDITY \
-    -storetype $STORETYPE \
-    -keypass $CLIENT_STORE_PWD \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD
-  keytool \
-    -exportcert \
-    -alias $CLIENT_ALIAS \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD |
-    keytool \
-      -importcert \
-      -alias $CLIENT_SELF_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-#
-#  echo
-#  echo "${H2}Import root certificate just to be able to import  ned by root CA with expected CN...${RESET}"
-#  keytool \
-#    -exportcert \
-#    -alias $ROOT_KEY_ALIAS \
-#    -keystore $SERVER_STORE \
-#    -storepass $SERVER_STORE_PWD |
-#    keytool \
-#      -importcert \
-#      -alias $ROOT_KEY_ALIAS \
-#      -keystore $CLIENT_STORE \
-#      -storepass $CLIENT_STORE_PWD \
-#      -noprompt
-#
-
-  echo
-  echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}"
-  keytool \
-    -certreq \
-    -alias $CLIENT_ALIAS \
-    -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD |
-    keytool \
-      -gencert \
-      -alias $ROOT_KEY_ALIAS \
-      -keystore $SERVER_STORE \
-      -storepass $SERVER_STORE_PWD \
-      -storetype $STORETYPE \
-      -validity $VALIDITY |
-    keytool \
-      -importcert \
-      -alias $CLIENT_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-}
-
-if [ "$client_start" -lt "$client_finish" ]; then
-  echo
-  echo "==Start Client=="
-  while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do
-    echo "number $CLIENT_NUMBER"
-    echo "finish $client_finish"
-    CLIENT_CN=$(end_point)
-    CLIENT_ALIAS=$(client_alias_point)
-    CLIENT_SELF_ALIAS=$(client_self_alias_point)
-    echo "CLIENT_CN $CLIENT_CN"
-    echo "CLIENT_ALIAS $CLIENT_ALIAS"
-    echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS"
-    cert_end_point
-    CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
-    echo
-  done
-fi
-
-echo
-echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-keytool \
-  -importkeystore \
-  -srckeystore $SERVER_STORE \
-  -destkeystore $SERVER_STORE \
-  -deststoretype pkcs12 \
-  -srcstorepass $SERVER_STORE_PWD
-
-if [ "$client_start" -lt "$client_finish" ]; then
-  echo
-  echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-  keytool \
-    -importkeystore \
-    -srckeystore $CLIENT_STORE \
-    -destkeystore $CLIENT_STORE \
-    -deststoretype pkcs12 \
-    -srcstorepass $CLIENT_STORE_PWD
-fi
--- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties
+++ b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties
@ -1,57 +0,0 @@
-#
-# Copyright © 2016-2017 The Thingsboard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Keystore common parameters
-ROOT_KEY_ALIAS=rootCA
-DOMAIN_SUFFIX="$(hostname)"
-ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS"
-ORGANIZATIONAL_UNIT=Thingsboard
-ORGANIZATION=Thingsboard
-CITY=SF
-STATE_OR_PROVINCE=CA
-TWO_LETTER_COUNTRY_CODE=US
-VALIDITY=36500 #days
-STORETYPE="JKS"
-
-#Server
-SERVER_STORE=serverKeyStore1.jks
-SERVER_STORE_PWD=server_ks_password1
-SERVER_ALIAS=server1
-SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA"
-SERVER_SELF_ALIAS=server_self_signed
-SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed"
-BOOTSTRAP_ALIAS=bootstrap1
-BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA"
-BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed
-BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed"
-
-# Client
-CLIENT_STORE=clientKeyStore1.jks
-CLIENT_STORE_PWD=client_ks_password1
-CLIENT_ALIAS_PREFIX=client_alias_1
-CLIENT_PREFIX=LwX509___
-CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1
-CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed"
-
-# Color output stuff
-red=`tput setaf 1`
-green=`tput setaf 2`
-blue=`tput setaf 4`
-bold=`tput bold`
-H0=${red}${bold}
-H1=${green}${bold} 
-H2=${blue} 
-RESET=`tput sgr0`
--- a/common/transport/lwm2m/src/main/resources/lwm2mserver.jks
+++ b/common/transport/lwm2m/src/main/resources/lwm2mserver.jks
--- a/pom.xml
+++ b/pom.xml
@ -403,39 +403,9 @@
                                                </includes>
                                                <filtering>false</filtering>
                                            </resource>
-                                            <resource>
-                                                <directory>../common/transport/lwm2m/src/main/resources</directory>
-                                                <includes>
-                                                    <include>**/*.xml</include>
-                                                    <include>**/*.jks</include>
-                                                </includes>
-                                                <filtering>false</filtering>
-                                            </resource>
                                        </resources>
                                    </configuration>
                                </execution>
-                                <execution>
-                                    <id>copy-lwm2m-resources</id>
-                                    <phase>${pkg.process-resources.phase}</phase>
-                                    <goals>
-                                        <goal>copy-resources</goal>
-                                    </goals>
-                                    <configuration>
-                                        <outputDirectory>../transport/lwm2m/src/main/data</outputDirectory>
-                                        <resources>
-                                            <resource>
-                                                <directory>../common/transport/lwm2m/src/main/resources</directory>
-                                                <includes>
-                                                    <include>**/*.xml</include>
-                                                    <include>**/*.jks</include>
-                                                </includes>
-                                                <filtering>false</filtering>
-                                            </resource>
-                                        </resources>
-
-                                    </configuration>
-                                </execution>
-
                                <execution>
                                    <id>copy-docker-config</id>
                                    <phase>${pkg.process-resources.phase}</phase>
@ -829,10 +799,6 @@
                            <exclude>**/*.proto.js</exclude>
                            <exclude>docker/haproxy/**</exclude>
                            <exclude>docker/tb-node/**</exclude>
-                            <exclude>src/main/resources/models/*.xml</exclude>
-                            <exclude>src/main/resources/credentials/*.jks</exclude>
-                            <exclude>src/main/resources/credentials/shell/*.jks</exclude>
-                            <exclude>src/main/resources/credentials/shell/*.jks.old</exclude>
                            <exclude>ui/**</exclude>
                            <exclude>src/.browserslistrc</exclude>
                            <exclude>**/yarn.lock</exclude>
--- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh
+++ b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh
@ -1,360 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2016-2021 The Thingsboard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password
-
-#p) CLIENT_CN=$CLIENT_PREFIX00000000
-#s) client_start=0
-#f) client_finish=1
-#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000
-#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000
-#b) BOOTSTRAP_ALIAS=bootstrap
-#d) SERVER_ALIAS=server
-#j) SERVER_STORE=serverKeyStore.jks
-#k) CLIENT_STORE=clientKeyStore.jks
-#c) CLIENT_STORE_PWD=client_ks_password
-#w) SERVER_STORE_PWD=server_ks_password
-#l) ROOT_KEY_ALIAS=root_key_alias
-
-while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do
-  case "${flag}" in
-  p) client_pref=${OPTARG} ;;
-  s) client_start=${OPTARG} ;;
-  f) client_finish=${OPTARG} ;;
-  a) client_alias_pref=${OPTARG} ;;
-  e) client_self_alias_pref=${OPTARG} ;;
-  b) bootstrap_alias=${OPTARG} ;;
-  d) server_alias=${OPTARG} ;;
-  j) key_store_server_file=${OPTARG} ;;
-  k) key_store_client_file=${OPTARG} ;;
-  c) client_key_store_pwd=${OPTARG} ;;
-  w) server_key_store_pwd=${OPTARG} ;;
-  w) root_key_alias=${OPTARG} ;;
-  esac
-done
-
-# cd to dir of script
-script_dir=$(dirname $0)
-echo "script_dir: $script_dir"
-cd $script_dir
-# source the properties:
-. ./lwM2M_keygen.properties
-
-if [ -n "$client_pref" ]; then
-  CLIENT_PREFIX=$client_pref
-fi
-
-if [ -z "$client_start" ]; then
-  client_start=0
-fi
-
-if [ -z "$client_finish" ]; then
-  client_finish=1
-fi
-
-if [ -n "$client_alias_pref" ]; then
-  CLIENT_ALIAS_PREFIX=$client_alias_pref
-fi
-
-if [ -n "$client_self_alias_pref" ]; then
-  CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref
-fi
-
-if [ -n "$bootstrap_alias" ]; then
-  BOOTSTRAP_ALIAS=$bootstrap_alias
-fi
-
-if [ -n "$server_alias" ]; then
-  SERVER_ALIAS=$server_alias
-fi
-
-if [ -n "$key_store_server_file" ]; then
-  SERVER_STORE=$key_store_server_file
-fi
-
-if [ -n "$key_store_client_file" ]; then
-  CLIENT_STORE=$key_store_client_file
-fi
-
-if [ -n "$client_key_store_pwd" ]; then
-  CLIENT_STORE_PWD=$client_key_store_pwd
-fi
-
-if [ -n "$server_key_store_pwd" ]; then
-  SERVER_STORE_PWD=$server_key_store_pwd
-fi
-
-if [ -n "$root_key_alias" ]; then
-  ROOT_KEY_ALIAS=$root_key_alias
-fi
-
-CLIENT_NUMBER=$client_start
-
-echo "==Start=="
-echo "CLIENT_PREFIX: $CLIENT_PREFIX"
-echo "client_start: $client_start"
-echo "client_finish: $client_finish"
-echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX"
-echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX"
-echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS"
-echo "SERVER_ALIAS: $SERVER_ALIAS"
-echo "SERVER_STORE: $SERVER_STORE"
-echo "CLIENT_STORE: $CLIENT_STORE"
-echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD"
-echo "SERVER_STORE_PWD: $SERVER_STORE_PWD"
-echo "CLIENT_NUMBER: $CLIENT_NUMBER"
-echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS"
-
-end_point() {
-  echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-client_alias_point() {
-  echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-client_self_alias_point() {
-  echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
-}
-
-# Generation of the keystore.
-echo "${H0}====START========${RESET}"
-echo "${H1}Server Keystore : ${RESET}"
-echo "${H1}==================${RESET}"
-echo "${H2}Creating the trusted root CA key and certificate...${RESET}"
-# -keysize
-#    1024 (when using -genkeypair)
-keytool \
-  -genkeypair \
-  -alias $ROOT_KEY_ALIAS \
-  -keyalg EC \
-  -dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-
-echo
-echo "${H2}Creating server key and self-signed  certificate ...${RESET}"
-keytool \
-  -genkeypair \
-  -alias $SERVER_ALIAS \
-  -keyalg EC \
-  -dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-keytool \
-  -exportcert \
-  -alias $SERVER_ALIAS \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -importcert \
-    -alias $SERVER_SELF_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -noprompt
-
-echo
-echo "${H2}Creating server certificate signed by root CA...${RESET}"
-keytool \
-  -certreq \
-  -alias $SERVER_ALIAS \
-  -dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -gencert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -storetype $STORETYPE \
-    -validity $VALIDITY |
-  keytool \
-    -importcert \
-    -alias $SERVER_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD
-
-echo
-echo "${H2}Creating bootstrap key and self-signed  certificate ...${RESET}"
-keytool \
-  -genkeypair \
-  -alias $BOOTSTRAP_ALIAS \
-  -keyalg EC \
-  -dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -validity $VALIDITY \
-  -storetype $STORETYPE \
-  -keypass $SERVER_STORE_PWD \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD
-keytool \
-  -exportcert \
-  -alias $BOOTSTRAP_ALIAS \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -importcert \
-    -alias $BOOTSTRAP_SELF_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -noprompt
-
-echo
-echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}"
-keytool \
-  -certreq \
-  -alias $BOOTSTRAP_ALIAS \
-  -dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-  -keystore $SERVER_STORE \
-  -storepass $SERVER_STORE_PWD |
-  keytool \
-    -gencert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD \
-    -storetype $STORETYPE \
-    -validity $VALIDITY |
-  keytool \
-    -importcert \
-    -alias $BOOTSTRAP_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD
-
-if [ "$client_start" -lt "$client_finish" ]; then
-  echo
-  echo "${H2}Import root certificate just to be able to import  need by root CA with expected CN to $CLIENT_STORE${RESET}"
-  keytool \
-    -exportcert \
-    -alias $ROOT_KEY_ALIAS \
-    -keystore $SERVER_STORE \
-    -storepass $SERVER_STORE_PWD |
-    keytool \
-      -importcert \
-      -alias $ROOT_KEY_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-fi
-
-cert_end_point() {
-  echo
-  echo "${H1}Client Keystore : ${RESET}"
-  echo "${H1}==================${RESET}"
-  echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}"
-  keytool \
-    -genkeypair \
-    -alias $CLIENT_ALIAS \
-    -keyalg EC \
-    -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-    -validity $VALIDITY \
-    -storetype $STORETYPE \
-    -keypass $CLIENT_STORE_PWD \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD
-  keytool \
-    -exportcert \
-    -alias $CLIENT_ALIAS \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD |
-    keytool \
-      -importcert \
-      -alias $CLIENT_SELF_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-#
-#  echo
-#  echo "${H2}Import root certificate just to be able to import  ned by root CA with expected CN...${RESET}"
-#  keytool \
-#    -exportcert \
-#    -alias $ROOT_KEY_ALIAS \
-#    -keystore $SERVER_STORE \
-#    -storepass $SERVER_STORE_PWD |
-#    keytool \
-#      -importcert \
-#      -alias $ROOT_KEY_ALIAS \
-#      -keystore $CLIENT_STORE \
-#      -storepass $CLIENT_STORE_PWD \
-#      -noprompt
-#
-
-  echo
-  echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}"
-  keytool \
-    -certreq \
-    -alias $CLIENT_ALIAS \
-    -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-    -keystore $CLIENT_STORE \
-    -storepass $CLIENT_STORE_PWD |
-    keytool \
-      -gencert \
-      -alias $ROOT_KEY_ALIAS \
-      -keystore $SERVER_STORE \
-      -storepass $SERVER_STORE_PWD \
-      -storetype $STORETYPE \
-      -validity $VALIDITY |
-    keytool \
-      -importcert \
-      -alias $CLIENT_ALIAS \
-      -keystore $CLIENT_STORE \
-      -storepass $CLIENT_STORE_PWD \
-      -noprompt
-}
-
-if [ "$client_start" -lt "$client_finish" ]; then
-
-  echo
-  echo "==Start Client=="
-  while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do
-    echo "number $CLIENT_NUMBER"
-    echo "finish $client_finish"
-    CLIENT_CN=$(end_point)
-    CLIENT_ALIAS=$(client_alias_point)
-    CLIENT_SELF_ALIAS=$(client_self_alias_point)
-    echo "CLIENT_CN $CLIENT_CN"
-    echo "CLIENT_ALIAS $CLIENT_ALIAS"
-    echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS"
-    cert_end_point
-    CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
-    echo
-  done
-fi
-
-echo
-echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-keytool \
-  -importkeystore \
-  -srckeystore $SERVER_STORE \
-  -destkeystore $SERVER_STORE \
-  -deststoretype pkcs12 \
-  -srcstorepass $SERVER_STORE_PWD
-
-if [ "$client_start" -lt "$client_finish" ]; then
-  echo
-  echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-  keytool \
-    -importkeystore \
-    -srckeystore $CLIENT_STORE \
-    -destkeystore $CLIENT_STORE \
-    -deststoretype pkcs12 \
-    -srcstorepass $CLIENT_STORE_PWD
-fi
--- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties
+++ b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties
@ -1,57 +0,0 @@
-#
-# Copyright © 2016-2017 The Thingsboard Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Keystore common parameters
-ROOT_KEY_ALIAS=rootCA
-DOMAIN_SUFFIX="$(hostname)"
-ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS"
-ORGANIZATIONAL_UNIT=Thingsboard
-ORGANIZATION=Thingsboard
-CITY=SF
-STATE_OR_PROVINCE=CA
-TWO_LETTER_COUNTRY_CODE=US
-VALIDITY=36500 #days
-STORETYPE="JKS"
-
-#Server
-SERVER_STORE=serverKeyStore1.jks
-SERVER_STORE_PWD=server_ks_password1
-SERVER_ALIAS=server1
-SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA"
-SERVER_SELF_ALIAS=server_self_signed
-SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed"
-BOOTSTRAP_ALIAS=bootstrap1
-BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA"
-BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed
-BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed"
-
-# Client
-CLIENT_STORE=clientKeyStore1.jks
-CLIENT_STORE_PWD=client_ks_password1
-CLIENT_ALIAS_PREFIX=client_alias_1
-CLIENT_PREFIX=LwX509___
-CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1
-CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed"
-
-# Color output stuff
-red=`tput setaf 1`
-green=`tput setaf 2`
-blue=`tput setaf 4`
-bold=`tput bold`
-H0=${red}${bold}
-H1=${green}${bold} 
-H2=${blue} 
-RESET=`tput sgr0`
--- a/transport/lwm2m/src/main/data/lwm2mserver.jks
+++ b/transport/lwm2m/src/main/data/lwm2mserver.jks
--- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
+++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
@ -114,7 +114,7 @@ transport:
        # Server X509 Certificates support
        credentials:
          # Whether to enable LWM2M server X509 Certificate/RPK support
-          enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}"
+          enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}"
          # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
          type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}"
          # PEM server credentials
@ -150,7 +150,7 @@ transport:
        # Bootstrap server X509 Certificates support
        credentials:
          # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support
-          enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}"
+          enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}"
          # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
          type:  "${LWM2M_BS_CREDENTIALS_TYPE:PEM}"
          # PEM server credentials
@ -177,19 +177,19 @@ transport:
      # X509 trust certificates
      trust-credentials:
        # Whether to load X509 trust certificates
-        enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}"
+        enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}"
        # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore)
        type:  "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}"
        # PEM certificates
        pem:
          # Path to the certificates file (holds trust certificates)
-          cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mserver.pem}"
+          cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mtruststorechain.pem}"
        # Keystore with trust certificates
        keystore:
          # Type of the key store
          type: "${LWM2M_TRUST_KEY_STORE_TYPE:JKS}"
          # Path to the key store that holds the X509 certificates
-          store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mserver.jks}"
+          store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mtruststorechain.jks}"
          # Password used to access the key store
          store_password: "${LWM2M_TRUST_KEY_STORE_PASSWORD:server_ks_password}"
      recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"