lwm2m tests add no trust

application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java

@@ -74,7 +74,7 @@ public class TbTestWebSocketClient extends WebSocketClient {
     }
 
     public String waitForUpdate() {
-        return waitForUpdate(TimeUnit.SECONDS.toMillis(3));
+        return waitForUpdate(TimeUnit.SECONDS.toMillis(8));
     }
 
     public String waitForUpdate(long ms) {

application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java

@@ -135,7 +135,7 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
     protected LwM2MTestClient client;
     private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials;
     private String[] resources;
-    protected String endpoint;
+//    protected String endpoint;
 
     public AbstractLwM2MIntegrationTest() {
         this.defaultBootstrapCredentials = new LwM2MBootstrapClientCredentials();
@@ -197,8 +197,8 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
         wsClient.waitForReply();
 
         wsClient.registerWaitForUpdate();
-        this.endpoint = endpoint;
+//        this.endpoint = endpoint;
-        createNewClient(security, coapConfig, false);
+        createNewClient(security, coapConfig, false, endpoint);
         String msg = wsClient.waitForUpdate();
 
         log.info("msg5555: [{}]", msg);
@@ -264,13 +264,13 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest
         this.resources = resources;
     }
 
-    public void setEndpoint(String endpoint) {
+//    public void setEndpoint(String endpoint) {
-        this.endpoint = endpoint;
+//        this.endpoint = endpoint;
-    }
+//    }
 
-    public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc) throws Exception {
+    public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc, String endpoint) throws Exception {
         clientDestroy();
-        client = new LwM2MTestClient(this.executor, this.endpoint);
+        client = new LwM2MTestClient(this.executor, endpoint);
         int clientPort = SocketUtils.findAvailableTcpPort();
         client.init(security, coapConfig, clientPort, isRpc);
     }

application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java

@@ -30,6 +30,9 @@ import static org.thingsboard.server.common.data.ota.OtaPackageType.SOFTWARE;
 public abstract class AbstractOtaLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
 
     private final  String[] resources = new String[]{"3.xml", "5.xml", "9.xml"};
+    protected static final String CLIENT_ENDPOINT_WITHOUT_FW_INFO = "WithoutFirmwareInfoDevice";
+    protected static final String CLIENT_ENDPOINT_OTA5 = "Ota5_Device";
+    protected static final String CLIENT_ENDPOINT_OTA9 = "Ota9_Device";
 
     public AbstractOtaLwM2MIntegrationTest() {
         setResources(this.resources);

application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java

@@ -138,12 +138,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
 
     @Test
     public void testFirmwareUpdateWithClientWithoutFirmwareOtaInfoFromProfile() throws Exception {
-        String endpoint = "WithoutFirmwareInfoDevice";
+//        String endpoint = "WithoutFirmwareInfoDevice";
-        setEndpoint(endpoint);
+//        setEndpoint(endpoint);
         createDeviceProfile(transportConfiguration);
-        NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+        NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_WITHOUT_FW_INFO);
         final Device device = createDevice(credentials);
-        createNewClient(SECURITY, COAP_CONFIG, false);
+        createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_WITHOUT_FW_INFO);
 
         Thread.sleep(1000);
 
@@ -165,12 +165,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
 
     @Test
     public void testFirmwareUpdateByObject5() throws Exception {
-        String endpoint = "Ota5_Device";
+//        String endpoint = "Ota5_Device";
-        setEndpoint(endpoint);
+//        setEndpoint(endpoint);
         createDeviceProfile(OTA_TRANSPORT_CONFIGURATION);
-        NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+        NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA5);
         final Device device = createDevice(credentials);
-        createNewClient(SECURITY, COAP_CONFIG, false);
+        createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA5);
 
         Thread.sleep(1000);
 
@@ -204,12 +204,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest {
      * */
     @Test
     public void testSoftwareUpdateByObject9() throws Exception {
-        String endpoint = "Ota9_Device";
+//        String endpoint = "Ota9_Device";
-        setEndpoint(endpoint);
+//        setEndpoint(endpoint);
         createDeviceProfile(OTA_TRANSPORT_CONFIGURATION);
-        NoSecClientCredential credentials = createNoSecClientCredentials(endpoint);
+        NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA9);
         final Device device = createDevice(credentials);
-        createNewClient(SECURITY, COAP_CONFIG, false);
+        createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA9);
 
         Thread.sleep(1000);
 

application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java

@@ -73,6 +73,7 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg
     protected String objectIdVer_50 = "/50";
     protected String objectIdVer_3303;
     protected static AtomicInteger endpointSequence = new AtomicInteger();
+    protected static String endpointRpcPref = "deviceEndpointRpc";
 
     public AbstractRpcLwM2MIntegrationTest(){
         setResources(resources);
@@ -80,9 +81,10 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg
 
     @Before
     public void beforeTest() throws Exception {
-        setEndpoint("deviceEndpointRpc" + endpointSequence.incrementAndGet());
+        String endpoint = endpointRpcPref + endpointSequence.incrementAndGet();
+//        setEndpoint(endpoint);
         init();
-        createNewClient (SECURITY, COAP_CONFIG, true);
+        createNewClient (SECURITY, COAP_CONFIG, true, endpoint);
 
         expectedObjects = ConcurrentHashMap.newKeySet();
         expectedObjectIdVers = ConcurrentHashMap.newKeySet();

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java

@@ -27,7 +27,6 @@ import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 
 @DaoSqlTest
@@ -67,16 +66,22 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
 
     // Client
     protected LwM2MTestClient client;
-    protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint";
+    protected static final String CLIENT_ENDPOINT_NO_SEC = "LwNoSec00000000";
-    protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000";
+    protected static final String CLIENT_ENDPOINT_PSK = "LwPsk00000000";
+    protected static final String CLIENT_ENDPOINT_RPK = "LwRpk00000000";
+    protected static final String CLIENT_ENDPOINT_X509_TRUST = "LwX50900000000";
+    protected static final String CLIENT_ENDPOINT_X509_TRUST_NO = "LwX509TrustNo";
     protected static final String CLIENT_JKS_FOR_TEST = "lwm2mclient";
     protected static final String CLIENT_STORE_PWD = "client_ks_password";
+    protected static final String CLIENT_ALIAS_CERT_TRUST = "client_alias_00000000";
+    protected static final String CLIENT_ALIAS_CERT_TRUST_NO = "client_alias_trust_no";
 
-    protected static final String CLIENT_CERT_ALIAS = "client_alias_00000000";
+    protected final X509Certificate clientX509CertTrust;         // client certificate signed by intermediate, rootCA with a good CN ("host name")
-
+    protected final PrivateKey clientPrivateKeyFromCertTrust;    // client private key used for X509 and RPK
-    protected final X509Certificate clientX509Cert;         // client certificate signed by intermediate, rootCA with a good CN ("host name")
+    protected final PublicKey clientPublicKeyFromCertTrust;      // client public key used for RPK
-    protected final PrivateKey clientPrivateKeyFromCert;    // client private key used for X509 and RPK
+    protected final X509Certificate clientX509CertTrustNo;         // client certificate signed by intermediate, rootCA with a good CN ("host name")
-    protected final PublicKey clientPublicKeyFromCert;      // client public key used for RPK
+    protected final PrivateKey clientPrivateKeyFromCertTrustNo;    // client private key used for X509 and RPK
+    protected final PublicKey clientPublicKeyFromCertTrustNo;      // client public key used for RPK
     private final  String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"};
 
 
@@ -87,7 +92,7 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
     public AbstractSecurityLwM2MIntegrationTest() {
         // create client credentials
         setResources(this.resources);
-        setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
+//        setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
         try {
 //             Get keys PSK
             this.pskIdentity = "SOME_PSK_ID";
@@ -122,13 +127,14 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M
                 clientKeyStore.load(clientKeyStoreFile, clientKeyStorePwd);
             }
 
-            clientPrivateKeyFromCert = (PrivateKey) clientKeyStore.getKey(CLIENT_CERT_ALIAS, clientKeyStorePwd);
+            clientPrivateKeyFromCertTrust = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST, clientKeyStorePwd);
-            clientX509Cert = (X509Certificate) clientKeyStore.getCertificate(CLIENT_CERT_ALIAS);
+            clientX509CertTrust = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST);
-            clientPublicKeyFromCert = clientX509Cert.getPublicKey();
+            clientPublicKeyFromCertTrust = clientX509CertTrust != null ? clientX509CertTrust.getPublicKey() : null;
+
+            clientPrivateKeyFromCertTrustNo = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST_NO, clientKeyStorePwd);
+            clientX509CertTrustNo = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST_NO);
+            clientPublicKeyFromCertTrustNo = clientX509CertTrustNo != null ? clientX509CertTrustNo.getPublicKey() : null;
 
-//            clientX509CertWithBadCN = (X509Certificate) clientKeyStore.getCertificate("client_bad_cn");
-//            clientX509CertSelfSigned = (X509Certificate) clientKeyStore.getCertificate("client_self_signed");
-//            clientX509CertNotTrusted = (X509Certificate) clientKeyStore.getCertificate("client_not_trusted");
         } catch (GeneralSecurityException | IOException e) {
             throw new RuntimeException(e);
         }

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java

@@ -29,8 +29,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationT
 
     @Test
     public void testConnectAndObserveTelemetry() throws Exception {
-        NoSecClientCredential clientCredentials =  createNoSecClientCredentials(CLIENT_ENDPOINT_TRUST);
+        NoSecClientCredential clientCredentials =  createNoSecClientCredentials(CLIENT_ENDPOINT_NO_SEC);
-        super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+        super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_NO_SEC);
     }
 
 }

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java

@@ -34,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes
     @Test
     public void testConnectWithPSKAndObserveTelemetry() throws Exception {
         PSKClientCredential clientCredentials = new PSKClientCredential();
-        clientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
+        clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK);
         clientCredentials.setKey(pskKey);
         clientCredentials.setIdentity(pskIdentity);
         Security security = psk(SECURE_URI,
                 SHORT_SERVER_ID,
                 pskIdentity.getBytes(StandardCharsets.UTF_8),
                 Hex.decodeHex(pskKey.toCharArray()));
-        super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+        super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK);
     }
 }

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java

@@ -33,13 +33,13 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes
     @Test
     public void testConnectWithRPKAndObserveTelemetry() throws Exception {
         RPKClientCredential rpkClientCredentials = new RPKClientCredential();
-        rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
+        rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_RPK);
-        rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCert.getEncoded())));
+        rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded())));
         Security security = rpk(SECURE_URI,
                 SHORT_SERVER_ID,
-                clientPublicKeyFromCert.getEncoded(),
+                clientPublicKeyFromCertTrust.getEncoded(),
-                clientPrivateKeyFromCert.getEncoded(),
+                clientPrivateKeyFromCertTrust.getEncoded(),
                 serverPublicKeyFromCert.getEncoded());
-        super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+        super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_RPK);
     }
 }

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java

@@ -15,6 +15,7 @@
  */
 package org.thingsboard.server.transport.lwm2m.security.sql;
 
+import org.apache.commons.codec.binary.Base64;
 import org.eclipse.leshan.client.object.Security;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -29,18 +30,18 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE
 
 public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest {
 
-    @Ignore
     @Test
     public void testConnectWithCertAndObserveTelemetry() throws Exception {
-//        X509ClientCredential credentials = new X509ClientCredential();
+        X509ClientCredential credentials = new X509ClientCredential();
-//        credentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST);
+        credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST_NO);
-//        credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted));
+//        rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded())));
-//        Security security = x509(SECURE_URI,
+        credentials.setCert(SslUtil.getCertificateString(clientX509CertTrustNo));
-//                SHORT_SERVER_ID,
+        Security security = x509(SECURE_URI,
-//                clientX509CertNotTrusted.getEncoded(),
+                SHORT_SERVER_ID,
-//                clientPrivateKeyNotTrustedFromCert.getEncoded(),
+                clientX509CertTrustNo.getEncoded(),
-//                serverX509Cert.getEncoded());
+                clientPrivateKeyFromCertTrustNo.getEncoded(),
-//        super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST);
+                serverX509Cert.getEncoded());
+        super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST_NO);
     }
 
 }

application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java

@@ -30,13 +30,13 @@ public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegra
     @Test
     public void testConnectAndObserveTelemetry() throws Exception {
         X509ClientCredential credentials = new X509ClientCredential();
-        credentials.setEndpoint(CLIENT_ENDPOINT_TRUST);
+        credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST);
         Security security = x509(SECURE_URI,
                 SHORT_SERVER_ID,
-                clientX509Cert.getEncoded(),
+                clientX509CertTrust.getEncoded(),
-                clientPrivateKeyFromCert.getEncoded(),
+                clientPrivateKeyFromCertTrust.getEncoded(),
                 serverX509Cert.getEncoded());
-        super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST);
+        super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST);
     }
 
 }

application/src/test/resources/logback.xml

@@ -10,6 +10,7 @@
 <!--    <logger name="org.thingsboard.server.service.subscription" level="TRACE"/>-->
     <logger name="org.thingsboard.server.controller.TbTestWebSocketClient" level="INFO"/>
     <logger name="org.thingsboard.server" level="WARN"/>
+    <logger name="oorg.thingsboard.server.transport.lwm2m.AbstractLwM2MIntegrationTest" level="INFO"/>
     <logger name="org.springframework" level="WARN"/>
     <logger name="org.springframework.boot.test" level="WARN"/>
     <logger name="org.apache.cassandra" level="WARN"/>

application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh

@@ -26,6 +26,12 @@ readonly CLIENT_CERT_KEY_PREF="LwX509"
 readonly CLIENT_CERT_ALIAS_PREF="client_alias_"
 readonly CLIENT_STORE_PWD="client_ks_password"
 readonly CLIENT_HOST_NAME="thingsboard_test.io"
+
+readonly TRUST_NO_PATH="TrustNo"
+readonly CA_ROOT_NO_ALIAS="root-no"
+readonly CLIENT_CERT_TRUST_NO_KEY="LwX509TrustNo"
+readonly CLIENT_CERT_ALIAS_TRUST_NO="client_alias_trust_no"
+
 CLIENT_START=0
 CLIENT_FINISH=1
 CLIENT_NUMBER=${CLIENT_START}
@@ -60,6 +66,8 @@ fi
 # Change working directory
 rm -rf ${TRUST_PATH}
 mkdir -p ${TRUST_PATH}
+rm -rf ${TRUST_NO_PATH}
+mkdir -p ${TRUST_NO_PATH}
 rm -rf ${CLIENT_PATH}
 mkdir -p ${CLIENT_PATH}
 cd -- "$(
@@ -182,7 +190,7 @@ tee ./${TRUST_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG
 CONFIG
 
 echo "===================================================="
-echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)"
+echo -e "Generate the root of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)"
 echo "===================================================="
 cfssl genkey \
   -initca \
@@ -286,14 +294,114 @@ keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT
 
 done
 
+#keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12
+
+echo "===================================================="
+echo -e "Generate the root no trust in ${TRUST_NO_PATH} of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)"
+echo "===================================================="
+cfssl genkey \
+  -initca \
+  - \
+  <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}
+{
+  "CN": "ROOT CA NO TRUST",
+  "key": {
+    "algo": "ecdsa",
+    "size": 256
+  },
+  "names": [
+    {
+      "C": "UK",
+      "ST": "Kyiv city",
+      "L": "Kyiv",
+      "O": "Thingsboard",
+      "OU": "DEVELOPER_TEST"
+    }
+  ],
+  "ca": {
+    "expiry": "131400h"
+  }
+}
+CONFIG
+
+CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}.pem)
+
+echo "===================================================="
+echo -e "Generate and Signed the intermediates of our no trust in ${TRUST_NO_PATH} certificate: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)"
+echo "===================================================="
+
+CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY}
+CA_LIST_CERT_FOR_CAT=""
+CA_INTERMEDIATE_NUMBER=0
+while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]];
+do
+  CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name)
+  CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1))
+
+  cfssl gencert \
+    -ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \
+    -ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \
+    -config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \
+    -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \
+    - \
+    <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}
+  {
+    "CN": "${CA_INTERMEDIATE_CERT_KEY}_TRUST_NO",
+    "names": [
+      {
+        "C": "UK",
+        "ST": "Kyiv city",
+        "L": "Kyiv",
+        "O": "Thingsboard",
+        "OU": "DEVELOPER_TEST"
+      }
+    ]
+  }
+CONFIG
+  #openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout
+  CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem)
+  CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY}
+done
+
+echo "===================================================="
+echo -e "Generate and Signed the client no trust of our certificate: \n-${CLIENT_CERT_TRUST_NO_KEY}-key.pem (certificate key)\n-${CLIENT_CERT_TRUST_NO_KEY}.pem (certificate)\n-${CLIENT_CERT_TRUST_NO_KEY}.csr (sign request)"
+echo "===================================================="
+
+  CLIENT_CERT_ALIAS=$(client_alias_name)
+  CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1))
+
+  cfssl gencert \
+	-ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \
+	-ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \
+	-config ./${TRUST_PATH}/ca-config.json \
+	-profile client \
+	-hostname "${CLIENT_HOST_NAME}" \
+	- \
+	<<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}
+{
+	"CN": "${CLIENT_CERT_TRUST_NO_KEY}"
+}
+CONFIG
+
+echo "===================================================="
+echo -e "Add the client certificate no trust (${CLIENT_CERT_TRUST_NO_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks"
+echo "===================================================="
+cat ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem
+openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -name ${CLIENT_CERT_ALIAS_TRUST_NO} -CAfile ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_NO_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD}
+keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS_TRUST_NO}
+
+
+
 keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12
 
-rm ./${TRUST_PATH}/*.p12
-rm ./${TRUST_PATH}/*.csr
-rm ./${TRUST_PATH}/*.json
-rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}*
-rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}*
 
+rm ./${TRUST_PATH}/*.p12 2> /dev/null
+rm ./${TRUST_PATH}/*.csr 2> /dev/null
+rm ./${TRUST_PATH}/*.json 2> /dev/null
+rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null
+rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null
+
+rm -rf ${TRUST_NO_PATH} 2> /dev/null
 
 rm ./${CLIENT_PATH}/*.p12 2> /dev/null
 rm ./${CLIENT_PATH}/*.csr 2> /dev/null

application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh

@@ -27,11 +27,11 @@ Help()
 }
 
 if [ "$1" == "-h" ] ; then
-    echo -e "Usage 2: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
+    echo -e "Usage 1: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
-    echo -e "Usage 1: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
+    echo -e "Usage 2: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\""
     echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\""
     echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\""
-    echo -e "Usage 4: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\""
+    echo -e "Usage 5: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\""
     echo "This Help File: ./`basename $0` -h"
     exit 0
 fi
@@ -53,13 +53,13 @@ if  [ "$IS_IHFO" = false ] ; then
     ./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 &
   fi
   if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then
-    ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 &
+    ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 &
   fi
 else
     if [ "$IS_SERVER_CREATED_KEY" = true ] ; then
     ./lwm2m_cfssl_chain_server_for_test.sh
   fi
   if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then
-    ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH}
+    ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH}
   fi
 fi