Lwm2m fix bug validate credentials per each update registration

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MAuthorizer.java

@@ -17,6 +17,7 @@ package org.thingsboard.server.transport.lwm2m.secure;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.core.request.Identity;
 import org.eclipse.leshan.core.request.UplinkRequest;
 import org.eclipse.leshan.server.registration.Registration;
@@ -30,6 +31,8 @@ import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext;
 import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
 import org.thingsboard.server.transport.lwm2m.server.store.TbSecurityStore;
 
+import java.util.Arrays;
+
 @Component
 @RequiredArgsConstructor
 @TbLwM2mTransportComponent
@@ -61,6 +64,11 @@ public class TbLwM2MAuthorizer implements Authorizer {
         if (securityStore != null) {
             try {
                 expectedSecurityInfo = securityStore.getByEndpoint(registration.getEndpoint());
+                if (expectedSecurityInfo != null && expectedSecurityInfo.usePSK() && expectedSecurityInfo.getEndpoint().equals(SecurityMode.NO_SEC.toString())
+                        && expectedSecurityInfo.getIdentity().equals(SecurityMode.NO_SEC.toString())
+                        && Arrays.equals(SecurityMode.NO_SEC.toString().getBytes(), expectedSecurityInfo.getPreSharedKey())) {
+                    expectedSecurityInfo = null;
+                }
             } catch (LwM2MAuthException e) {
                 log.info("Registration failed: FORBIDDEN, endpointId: [{}]", registration.getEndpoint());
                 return null;

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbInMemorySecurityStore.java

@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.transport.lwm2m.server.store;
 
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;
@@ -48,9 +49,15 @@ public class TbInMemorySecurityStore implements TbEditableSecurityStore {
         readLock.lock();
         try {
             TbLwM2MSecurityInfo securityInfo = securityByEp.get(endpoint);
-            if (securityInfo != null) {
+            if (securityInfo != null ) {
-                return securityInfo.getSecurityInfo();
+                if (SecurityMode.NO_SEC.equals(securityInfo.getSecurityMode())) {
+                    return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+                            SecurityMode.NO_SEC.toString().getBytes());
                 } else {
+                    return securityInfo.getSecurityInfo();
+                }
+            }
+            else {
                 return null;
             }
         } finally {

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.java

@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.transport.lwm2m.server.store;
 
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.nustaq.serialization.FSTConfiguration;
@@ -49,8 +50,14 @@ public class TbLwM2mRedisSecurityStore implements TbEditableSecurityStore {
             if (data == null || data.length == 0) {
                 return null;
             } else {
+                if (SecurityMode.NO_SEC.equals(((TbLwM2MSecurityInfo) serializer.asObject(data)).getSecurityMode())) {
+                    return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+                            SecurityMode.NO_SEC.toString().getBytes());
+                }
+                else {
                     return ((TbLwM2MSecurityInfo) serializer.asObject(data)).getSecurityInfo();
                 }
+            }
         } finally {
             if (lock != null) {
                 lock.unlock();

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mSecurityStore.java

@@ -16,12 +16,14 @@
 package org.thingsboard.server.transport.lwm2m.server.store;
 
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.jetbrains.annotations.Nullable;
 import org.thingsboard.server.transport.lwm2m.secure.LwM2mCredentialsSecurityInfoValidator;
 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;
 
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -46,11 +48,21 @@ public class TbLwM2mSecurityStore implements TbMainSecurityStore {
         return securityStore.getTbLwM2MSecurityInfoByEndpoint(endpoint);
     }
 
+    /**
+     * @param endpoint
+     * @return : If SecurityMode == NO_SEC:
+     * return SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(),
+     * SecurityMode.NO_SEC.toString().getBytes());
+     */
     @Override
     public SecurityInfo getByEndpoint(String endpoint) {
         SecurityInfo securityInfo = securityStore.getByEndpoint(endpoint);
         if (securityInfo == null) {
             securityInfo = fetchAndPutSecurityInfo(endpoint);
+        } else if (securityInfo.usePSK() && securityInfo.getEndpoint().equals(SecurityMode.NO_SEC.toString())
+                && securityInfo.getIdentity().equals(SecurityMode.NO_SEC.toString())
+                && Arrays.equals(SecurityMode.NO_SEC.toString().getBytes(), securityInfo.getPreSharedKey())) {
+            return null;
         }
         return securityInfo;
     }