diff --git a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java
index ff6b004405..2bb68737ac 100644
--- a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java
+++ b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java
@@ -74,7 +74,7 @@ public class TbTestWebSocketClient extends WebSocketClient {
}
public String waitForUpdate() {
- return waitForUpdate(TimeUnit.SECONDS.toMillis(3));
+ return waitForUpdate(TimeUnit.SECONDS.toMillis(8));
}
public String waitForUpdate(long ms) {
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java
index 13e0858199..0a95dfdbc9 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java
@@ -135,7 +135,7 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
protected LwM2MTestClient client;
private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials;
private String[] resources;
- protected String endpoint;
+// protected String endpoint;
public AbstractLwM2MIntegrationTest() {
this.defaultBootstrapCredentials = new LwM2MBootstrapClientCredentials();
@@ -197,8 +197,8 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
wsClient.waitForReply();
wsClient.registerWaitForUpdate();
- this.endpoint = endpoint;
- createNewClient(security, coapConfig, false);
+// this.endpoint = endpoint;
+ createNewClient(security, coapConfig, false, endpoint);
String msg = wsClient.waitForUpdate();
log.info("msg5555: [{}]", msg);
@@ -264,13 +264,13 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
this.resources = resources;
}
- public void setEndpoint(String endpoint) {
- this.endpoint = endpoint;
- }
+// public void setEndpoint(String endpoint) {
+// this.endpoint = endpoint;
+// }
- public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc) throws Exception {
+ public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc, String endpoint) throws Exception {
clientDestroy();
- client = new LwM2MTestClient(this.executor, this.endpoint);
+ client = new LwM2MTestClient(this.executor, endpoint);
int clientPort = SocketUtils.findAvailableTcpPort();
client.init(security, coapConfig, clientPort, isRpc);
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java
index e78d74bdcd..6cf35aeb94 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java
@@ -30,6 +30,9 @@ import static org.thingsboard.server.common.data.ota.OtaPackageType.SOFTWARE;
public abstract class AbstractOtaLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
private final String[] resources = new String[]{"3.xml", "5.xml", "9.xml"};
+ protected static final String CLIENT_ENDPOINT_WITHOUT_FW_INFO = "WithoutFirmwareInfoDevice";
+ protected static final String CLIENT_ENDPOINT_OTA5 = "Ota5_Device";
+ protected static final String CLIENT_ENDPOINT_OTA9 = "Ota9_Device";
public AbstractOtaLwM2MIntegrationTest() {
setResources(this.resources);
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java
index 903750663a..95a0a774a2 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java
@@ -138,12 +138,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
@Test
public void testFirmwareUpdateWithClientWithoutFirmwareOtaInfoFromProfile() throws Exception {
- String endpoint = "WithoutFirmwareInfoDevice";
- setEndpoint(endpoint);
+// String endpoint = "WithoutFirmwareInfoDevice";
+// setEndpoint(endpoint);
createDeviceProfile(transportConfiguration);
- NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+ NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_WITHOUT_FW_INFO);
final Device device = createDevice(credentials);
- createNewClient(SECURITY, COAP_CONFIG, false);
+ createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_WITHOUT_FW_INFO);
Thread.sleep(1000);
@@ -165,12 +165,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
@Test
public void testFirmwareUpdateByObject5() throws Exception {
- String endpoint = "Ota5_Device";
- setEndpoint(endpoint);
+// String endpoint = "Ota5_Device";
+// setEndpoint(endpoint);
createDeviceProfile(OTA_TRANSPORT_CONFIGURATION);
- NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+ NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA5);
final Device device = createDevice(credentials);
- createNewClient(SECURITY, COAP_CONFIG, false);
+ createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA5);
Thread.sleep(1000);
@@ -204,12 +204,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
* */
@Test
public void testSoftwareUpdateByObject9() throws Exception {
- String endpoint = "Ota9_Device";
- setEndpoint(endpoint);
+// String endpoint = "Ota9_Device";
+// setEndpoint(endpoint);
createDeviceProfile(OTA_TRANSPORT_CONFIGURATION);
- NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+ NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA9);
final Device device = createDevice(credentials);
- createNewClient(SECURITY, COAP_CONFIG, false);
+ createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA9);
Thread.sleep(1000);
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java
index 95878b74d1..2310fe1659 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java
@@ -73,6 +73,7 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg
protected String objectIdVer_50 = "/50";
protected String objectIdVer_3303;
protected static AtomicInteger endpointSequence = new AtomicInteger();
+ protected static String endpointRpcPref = "deviceEndpointRpc";
public AbstractRpcLwM2MIntegrationTest(){
setResources(resources);
@@ -80,9 +81,10 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg
@Before
public void beforeTest() throws Exception {
- setEndpoint("deviceEndpointRpc" + endpointSequence.incrementAndGet());
+ String endpoint = endpointRpcPref + endpointSequence.incrementAndGet();
+// setEndpoint(endpoint);
init();
- createNewClient (SECURITY, COAP_CONFIG, true);
+ createNewClient (SECURITY, COAP_CONFIG, true, endpoint);
expectedObjects = ConcurrentHashMap.newKeySet();
expectedObjectIdVers = ConcurrentHashMap.newKeySet();
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java
index b0fadf1d23..c10eb46620 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java
@@ -27,7 +27,6 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@DaoSqlTest
@@ -67,16 +66,22 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
// Client
protected LwM2MTestClient client;
- protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint";
- protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000";
+ protected static final String CLIENT_ENDPOINT_NO_SEC = "LwNoSec00000000";
+ protected static final String CLIENT_ENDPOINT_PSK = "LwPsk00000000";
+ protected static final String CLIENT_ENDPOINT_RPK = "LwRpk00000000";
+ protected static final String CLIENT_ENDPOINT_X509_TRUST = "LwX50900000000";
+ protected static final String CLIENT_ENDPOINT_X509_TRUST_NO = "LwX509TrustNo";
protected static final String CLIENT_JKS_FOR_TEST = "lwm2mclient";
protected static final String CLIENT_STORE_PWD = "client_ks_password";
+ protected static final String CLIENT_ALIAS_CERT_TRUST = "client_alias_00000000";
+ protected static final String CLIENT_ALIAS_CERT_TRUST_NO = "client_alias_trust_no";
- protected static final String CLIENT_CERT_ALIAS = "client_alias_00000000";
-
- protected final X509Certificate clientX509Cert; // client certificate signed by intermediate, rootCA with a good CN ("host name")
- protected final PrivateKey clientPrivateKeyFromCert; // client private key used for X509 and RPK
- protected final PublicKey clientPublicKeyFromCert; // client public key used for RPK
+ protected final X509Certificate clientX509CertTrust; // client certificate signed by intermediate, rootCA with a good CN ("host name")
+ protected final PrivateKey clientPrivateKeyFromCertTrust; // client private key used for X509 and RPK
+ protected final PublicKey clientPublicKeyFromCertTrust; // client public key used for RPK
+ protected final X509Certificate clientX509CertTrustNo; // client certificate signed by intermediate, rootCA with a good CN ("host name")
+ protected final PrivateKey clientPrivateKeyFromCertTrustNo; // client private key used for X509 and RPK
+ protected final PublicKey clientPublicKeyFromCertTrustNo; // client public key used for RPK
private final String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"};
@@ -87,7 +92,7 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
public AbstractSecurityLwM2MIntegrationTest() {
// create client credentials
setResources(this.resources);
- setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
+// setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
try {
// Get keys PSK
this.pskIdentity = "SOME_PSK_ID";
@@ -122,13 +127,14 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
clientKeyStore.load(clientKeyStoreFile, clientKeyStorePwd);
}
- clientPrivateKeyFromCert = (PrivateKey) clientKeyStore.getKey(CLIENT_CERT_ALIAS, clientKeyStorePwd);
- clientX509Cert = (X509Certificate) clientKeyStore.getCertificate(CLIENT_CERT_ALIAS);
- clientPublicKeyFromCert = clientX509Cert.getPublicKey();
+ clientPrivateKeyFromCertTrust = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST, clientKeyStorePwd);
+ clientX509CertTrust = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST);
+ clientPublicKeyFromCertTrust = clientX509CertTrust != null ? clientX509CertTrust.getPublicKey() : null;
+
+ clientPrivateKeyFromCertTrustNo = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST_NO, clientKeyStorePwd);
+ clientX509CertTrustNo = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST_NO);
+ clientPublicKeyFromCertTrustNo = clientX509CertTrustNo != null ? clientX509CertTrustNo.getPublicKey() : null;
-// clientX509CertWithBadCN = (X509Certificate) clientKeyStore.getCertificate("client_bad_cn");
-// clientX509CertSelfSigned = (X509Certificate) clientKeyStore.getCertificate("client_self_signed");
-// clientX509CertNotTrusted = (X509Certificate) clientKeyStore.getCertificate("client_not_trusted");
} catch (GeneralSecurityException | IOException e) {
throw new RuntimeException(e);
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java
index 4daac68f9a..8331b99fff 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java
@@ -29,8 +29,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationT
@Test
public void testConnectAndObserveTelemetry() throws Exception {
- NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_TRUST);
- super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+ NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_NO_SEC);
+ super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_NO_SEC);
}
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java
index 11b6f3f6e7..d7296fd47c 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java
@@ -34,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes
@Test
public void testConnectWithPSKAndObserveTelemetry() throws Exception {
PSKClientCredential clientCredentials = new PSKClientCredential();
- clientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
+ clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK);
clientCredentials.setKey(pskKey);
clientCredentials.setIdentity(pskIdentity);
Security security = psk(SECURE_URI,
SHORT_SERVER_ID,
pskIdentity.getBytes(StandardCharsets.UTF_8),
Hex.decodeHex(pskKey.toCharArray()));
- super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+ super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK);
}
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java
index 1f73a2a739..0066014a9b 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java
@@ -33,13 +33,13 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes
@Test
public void testConnectWithRPKAndObserveTelemetry() throws Exception {
RPKClientCredential rpkClientCredentials = new RPKClientCredential();
- rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
- rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCert.getEncoded())));
+ rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_RPK);
+ rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded())));
Security security = rpk(SECURE_URI,
SHORT_SERVER_ID,
- clientPublicKeyFromCert.getEncoded(),
- clientPrivateKeyFromCert.getEncoded(),
+ clientPublicKeyFromCertTrust.getEncoded(),
+ clientPrivateKeyFromCertTrust.getEncoded(),
serverPublicKeyFromCert.getEncoded());
- super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+ super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_RPK);
}
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java
index 6ca430327d..b2ce6c470d 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java
@@ -15,6 +15,7 @@
*/
package org.thingsboard.server.transport.lwm2m.security.sql;
+import org.apache.commons.codec.binary.Base64;
import org.eclipse.leshan.client.object.Security;
import org.junit.Ignore;
import org.junit.Test;
@@ -29,18 +30,18 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE
public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest {
- @Ignore
@Test
public void testConnectWithCertAndObserveTelemetry() throws Exception {
-// X509ClientCredential credentials = new X509ClientCredential();
-// credentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
-// credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted));
-// Security security = x509(SECURE_URI,
-// SHORT_SERVER_ID,
-// clientX509CertNotTrusted.getEncoded(),
-// clientPrivateKeyNotTrustedFromCert.getEncoded(),
-// serverX509Cert.getEncoded());
-// super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST);
+ X509ClientCredential credentials = new X509ClientCredential();
+ credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST_NO);
+// rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded())));
+ credentials.setCert(SslUtil.getCertificateString(clientX509CertTrustNo));
+ Security security = x509(SECURE_URI,
+ SHORT_SERVER_ID,
+ clientX509CertTrustNo.getEncoded(),
+ clientPrivateKeyFromCertTrustNo.getEncoded(),
+ serverX509Cert.getEncoded());
+ super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST_NO);
}
}
diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java
index 28a10fd278..a51ea98be6 100644
--- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java
+++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java
@@ -30,13 +30,13 @@ public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegra
@Test
public void testConnectAndObserveTelemetry() throws Exception {
X509ClientCredential credentials = new X509ClientCredential();
- credentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
+ credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST);
Security security = x509(SECURE_URI,
SHORT_SERVER_ID,
- clientX509Cert.getEncoded(),
- clientPrivateKeyFromCert.getEncoded(),
+ clientX509CertTrust.getEncoded(),
+ clientPrivateKeyFromCertTrust.getEncoded(),
serverX509Cert.getEncoded());
- super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+ super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST);
}
}
diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml
index d3301bf660..175eda993c 100644
--- a/application/src/test/resources/logback.xml
+++ b/application/src/test/resources/logback.xml
@@ -10,6 +10,7 @@
+
diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks b/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks
index 490812c01a..ca8c8ed1d7 100644
Binary files a/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks and b/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks differ
diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks b/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks
index a1923e942f..d16967343f 100644
Binary files a/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks and b/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks differ
diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks b/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks
index 2e46c71889..b97f3629cd 100644
Binary files a/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks and b/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks differ
diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh b/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh
similarity index 63%
rename from application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh
rename to application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh
index 26f47266a7..243e498b04 100755
--- a/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh
+++ b/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh
@@ -26,6 +26,12 @@ readonly CLIENT_CERT_KEY_PREF="LwX509"
readonly CLIENT_CERT_ALIAS_PREF="client_alias_"
readonly CLIENT_STORE_PWD="client_ks_password"
readonly CLIENT_HOST_NAME="thingsboard_test.io"
+
+readonly TRUST_NO_PATH="TrustNo"
+readonly CA_ROOT_NO_ALIAS="root-no"
+readonly CLIENT_CERT_TRUST_NO_KEY="LwX509TrustNo"
+readonly CLIENT_CERT_ALIAS_TRUST_NO="client_alias_trust_no"
+
CLIENT_START=0
CLIENT_FINISH=1
CLIENT_NUMBER=${CLIENT_START}
@@ -60,6 +66,8 @@ fi
# Change working directory
rm -rf ${TRUST_PATH}
mkdir -p ${TRUST_PATH}
+rm -rf ${TRUST_NO_PATH}
+mkdir -p ${TRUST_NO_PATH}
rm -rf ${CLIENT_PATH}
mkdir -p ${CLIENT_PATH}
cd -- "$(
@@ -182,7 +190,7 @@ tee ./${TRUST_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG
CONFIG
echo "===================================================="
-echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)"
+echo -e "Generate the root of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)"
echo "===================================================="
cfssl genkey \
-initca \
@@ -286,14 +294,114 @@ keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT
done
+#keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12
+
+echo "===================================================="
+echo -e "Generate the root no trust in ${TRUST_NO_PATH} of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)"
+echo "===================================================="
+cfssl genkey \
+ -initca \
+ - \
+ <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}
+{
+ "CN": "ROOT CA NO TRUST",
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "UK",
+ "ST": "Kyiv city",
+ "L": "Kyiv",
+ "O": "Thingsboard",
+ "OU": "DEVELOPER_TEST"
+ }
+ ],
+ "ca": {
+ "expiry": "131400h"
+ }
+}
+CONFIG
+
+CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}.pem)
+
+echo "===================================================="
+echo -e "Generate and Signed the intermediates of our no trust in ${TRUST_NO_PATH} certificate: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)"
+echo "===================================================="
+
+CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY}
+CA_LIST_CERT_FOR_CAT=""
+CA_INTERMEDIATE_NUMBER=0
+while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]];
+do
+ CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name)
+ CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1))
+
+ cfssl gencert \
+ -ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \
+ -ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \
+ -config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \
+ -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \
+ - \
+ <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}
+ {
+ "CN": "${CA_INTERMEDIATE_CERT_KEY}_TRUST_NO",
+ "names": [
+ {
+ "C": "UK",
+ "ST": "Kyiv city",
+ "L": "Kyiv",
+ "O": "Thingsboard",
+ "OU": "DEVELOPER_TEST"
+ }
+ ]
+ }
+CONFIG
+ #openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout
+ CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem)
+ CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY}
+done
+
+echo "===================================================="
+echo -e "Generate and Signed the client no trust of our certificate: \n-${CLIENT_CERT_TRUST_NO_KEY}-key.pem (certificate key)\n-${CLIENT_CERT_TRUST_NO_KEY}.pem (certificate)\n-${CLIENT_CERT_TRUST_NO_KEY}.csr (sign request)"
+echo "===================================================="
+
+ CLIENT_CERT_ALIAS=$(client_alias_name)
+ CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1))
+
+ cfssl gencert \
+ -ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \
+ -ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \
+ -config ./${TRUST_PATH}/ca-config.json \
+ -profile client \
+ -hostname "${CLIENT_HOST_NAME}" \
+ - \
+ <<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}
+{
+ "CN": "${CLIENT_CERT_TRUST_NO_KEY}"
+}
+CONFIG
+
+echo "===================================================="
+echo -e "Add the client certificate no trust (${CLIENT_CERT_TRUST_NO_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks"
+echo "===================================================="
+cat ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem
+openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -name ${CLIENT_CERT_ALIAS_TRUST_NO} -CAfile ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_NO_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD}
+keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS_TRUST_NO}
+
+
+
keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12
-rm ./${TRUST_PATH}/*.p12
-rm ./${TRUST_PATH}/*.csr
-rm ./${TRUST_PATH}/*.json
-rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}*
-rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}*
+rm ./${TRUST_PATH}/*.p12 2> /dev/null
+rm ./${TRUST_PATH}/*.csr 2> /dev/null
+rm ./${TRUST_PATH}/*.json 2> /dev/null
+rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null
+rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null
+
+rm -rf ${TRUST_NO_PATH} 2> /dev/null
rm ./${CLIENT_PATH}/*.p12 2> /dev/null
rm ./${CLIENT_PATH}/*.csr 2> /dev/null
diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh
similarity index 79%
rename from application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh
rename to application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh
index b3b114cb28..c869366ac2 100755
--- a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh
+++ b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh
@@ -27,11 +27,11 @@ Help()
}
if [ "$1" == "-h" ] ; then
- echo -e "Usage 2: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
- echo -e "Usage 1: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
+ echo -e "Usage 1: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
+ echo -e "Usage 2: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\""
echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\""
- echo -e "Usage 4: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\""
+ echo -e "Usage 5: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\""
echo "This Help File: ./`basename $0` -h"
exit 0
fi
@@ -53,13 +53,13 @@ if [ "$IS_IHFO" = false ] ; then
./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 &
fi
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then
- ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 &
+ ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 &
fi
else
if [ "$IS_SERVER_CREATED_KEY" = true ] ; then
./lwm2m_cfssl_chain_server_for_test.sh
fi
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then
- ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH}
+ ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH}
fi
fi
\ No newline at end of file