From c78c46c8ec7abfe6a322157928dd4e8e30aae0d1 Mon Sep 17 00:00:00 2001
From: nickAS21
Date: Mon, 25 Oct 2021 10:58:11 +0300
Subject: [PATCH] Lwm2m fix bug validate credentials per each update registration

---
 .../transport/lwm2m/secure/TbLwM2MAuthorizer.java | 8 ++++++++
 .../lwm2m/server/store/TbInMemorySecurityStore.java | 13 ++++++++++---
 .../server/store/TbLwM2mRedisSecurityStore.java | 9 ++++++++-
 .../lwm2m/server/store/TbLwM2mSecurityStore.java | 12 ++++++++++++
 4 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MAuthorizer.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MAuthorizer.java
index 04c6a2b160..5cb8390ef9 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MAuthorizer.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MAuthorizer.java
@@ -17,6 +17,7 @@ package org.thingsboard.server.transport.lwm2m.secure;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.core.request.Identity;
 import org.eclipse.leshan.core.request.UplinkRequest;
 import org.eclipse.leshan.server.registration.Registration;
@@ -30,6 +31,8 @@ import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext;
 import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
 import org.thingsboard.server.transport.lwm2m.server.store.TbSecurityStore;
 
+import java.util.Arrays;
+
 @Component
 @RequiredArgsConstructor
 @TbLwM2mTransportComponent
@@ -61,6 +64,11 @@ public class TbLwM2MAuthorizer implements Authorizer {
 if (securityStore != null) {
 try {
 expectedSecurityInfo = securityStore.getByEndpoint(registration.getEndpoint());
+ if (expectedSecurityInfo != null && expectedSecurityInfo.usePSK() && expectedSecurityInfo.getEndpoint().equals(SecurityMode.NO_SEC.toString())
+ && expectedSecurityInfo.getIdentity().equals(SecurityMode.NO_SEC.toString())
+ && Arrays.equals(SecurityMode.NO_SEC.toString().getBytes(), expectedSecurityInfo.getPreSharedKey())) {
+ expectedSecurityInfo = null;
+ }
 } catch (LwM2MAuthException e) {
 log.info("Registration failed: FORBIDDEN, endpointId: [{}]", registration.getEndpoint());
 return null;
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbInMemorySecurityStore.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbInMemorySecurityStore.java
index 9c0b109082..0286e1556f 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbInMemorySecurityStore.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbInMemorySecurityStore.java
@@ -15,6 +15,7 @@
 */
 package org.thingsboard.server.transport.lwm2m.server.store;
 
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;
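Review bot: In TbLwM2MAuthorizer the new `if` treats any PSK record whose endpoint, identity and key all equal the string `NO_SEC` as "no credentials expected" by setting `expectedSecurityInfo = null`, so the NO_SEC marker travels in-band through the same fields that carry real credentials. The same three-part comparison is repeated in `TbLwM2mSecurityStore.getByEndpoint` later in this patch, and the two copies can drift; one shared predicate, for example `static boolean isNoSecMarker(SecurityInfo info)`, would keep them in step. `SecurityMode.NO_SEC.toString().getBytes()` relies on the platform default charset, and `getBytes(StandardCharsets.UTF_8)` on both the producing and the comparing side removes that dependency. What happens to a null `expectedSecurityInfo` afterwards is outside this hunk, so the outcome for a sender that did arrive over a secured connection should be confirmed there.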
@@ -48,9 +49,15 @@ public class TbInMemorySecurityStore implements TbEditableSecurityStore {
 readLock.lock();
 try {
 TbLwM2MSecurityInfo securityInfo = securityByEp.get(endpoint);
- if (securityInfo != null) {
- return securityInfo.getSecurityInfo();
- } else {
+ if (securityInfo != null ) {
+ if (SecurityMode.NO_SEC.equals(securityInfo.getSecurityMode())) {
+ return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+ SecurityMode.NO_SEC.toString().getBytes());
+ } else {
+ return securityInfo.getSecurityInfo();
+ }
+ }
+ else {
 return null;
 }
 } finally {
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.java
index 54200be434..4990923ce8 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.java
@@ -15,6 +15,7 @@
 */
 package org.thingsboard.server.transport.lwm2m.server.store;
 
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.nustaq.serialization.FSTConfiguration;
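Review bot: `TbInMemorySecurityStore.getByEndpoint` now returns, for a NO_SEC device, a PSK `SecurityInfo` whose key is the constant bytes of `NO_SEC`, and only a caller that knows to filter it will read it as "no security"; any other consumer of this method would see an ordinary PSK credential with a fixed, source-visible key. Callers are not visible in this patch, so every use of the inner store's `getByEndpoint` should be checked for the filter. The identical construction is repeated in the `TbLwM2mRedisSecurityStore` hunk; building it once in a shared constant with a comment such as `// marker for a cached NO_SEC device; must never be used as a real PSK` would make the contract explicit. The spacing in `if (securityInfo != null ) {` and the `else {` on its own line also differ from the surrounding style.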
@@ -49,7 +50,13 @@ public class TbLwM2mRedisSecurityStore implements TbEditableSecurityStore {
 if (data == null || data.length == 0) {
 return null;
 } else {
- return ((TbLwM2MSecurityInfo) serializer.asObject(data)).getSecurityInfo();
+ if (SecurityMode.NO_SEC.equals(((TbLwM2MSecurityInfo) serializer.asObject(data)).getSecurityMode())) {
+ return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+ SecurityMode.NO_SEC.toString().getBytes());
+ }
+ else {
+ return ((TbLwM2MSecurityInfo) serializer.asObject(data)).getSecurityInfo();
+ }
 }
 } finally {
 if (lock != null) {
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mSecurityStore.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mSecurityStore.java
index ac0d3d0e68..a289391dbf 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mSecurityStore.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mSecurityStore.java
@@ -16,12 +16,14 @@
 package org.thingsboard.server.transport.lwm2m.server.store;
 
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.jetbrains.annotations.Nullable;
 import org.thingsboard.server.transport.lwm2m.secure.LwM2mCredentialsSecurityInfoValidator;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;
 
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
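Review bot: The new branch in `TbLwM2mRedisSecurityStore` calls `serializer.asObject(data)` twice on the same bytes, once for `getSecurityMode()` and once for `getSecurityInfo()`, so every lookup that is not NO_SEC now deserializes the Redis value twice. Deserialize once into a local, `TbLwM2MSecurityInfo info = (TbLwM2MSecurityInfo) serializer.asObject(data);`, and branch on `info.getSecurityMode()`. These bytes come from Redis and pass through FST object deserialization, so a single call also keeps that trust boundary in one place. The enclosing method begins and ends outside the hunk.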
@@ -46,11 +48,21 @@ public class TbLwM2mSecurityStore implements TbMainSecurityStore {
 return securityStore.getTbLwM2MSecurityInfoByEndpoint(endpoint);
 }
 
+ /**
+ * @param endpoint
+ * @return : If SecurityMode == NO_SEC:
+ * return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+ * SecurityMode.NO_SEC.toString().getBytes());
+ */
 @Override
 public SecurityInfo getByEndpoint(String endpoint) {
 SecurityInfo securityInfo = securityStore.getByEndpoint(endpoint);
 if (securityInfo == null) {
 securityInfo = fetchAndPutSecurityInfo(endpoint);
+ } else if (securityInfo.usePSK() && securityInfo.getEndpoint().equals(SecurityMode.NO_SEC.toString())
+ && securityInfo.getIdentity().equals(SecurityMode.NO_SEC.toString())
+ && Arrays.equals(SecurityMode.NO_SEC.toString().getBytes(), securityInfo.getPreSharedKey())) {
+ return null;
 }
 return securityInfo;
 }
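Review bot: The Javadoc added to `TbLwM2mSecurityStore.getByEndpoint` says the method returns the `newPreSharedKeyInfo(...)` marker for NO_SEC, but the new `else if` branch returns `null` in exactly that case, so the comment describes the inner store rather than this method. Suggested wording: `@return the expected security info, or null when the endpoint is unknown or is registered with SecurityMode.NO_SEC`, together with a description for `@param endpoint`. The marker is filtered only when the inner store already held an entry. On a miss the result of `fetchAndPutSecurityInfo(endpoint)` is returned unchecked, and since its body is outside this hunk it is worth confirming that it cannot return the marker.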