214 changed files with 7427 additions and 1690 deletions
@ -0,0 +1,207 @@ |
|||
/** |
|||
* Copyright © 2016-2021 The Thingsboard Authors |
|||
* |
|||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|||
* you may not use this file except in compliance with the License. |
|||
* You may obtain a copy of the License at |
|||
* |
|||
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
* |
|||
* Unless required by applicable law or agreed to in writing, software |
|||
* distributed under the License is distributed on an "AS IS" BASIS, |
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
* See the License for the specific language governing permissions and |
|||
* limitations under the License. |
|||
*/ |
|||
package org.thingsboard.server.service.sql; |
|||
|
|||
import com.google.gson.JsonObject; |
|||
import com.google.gson.JsonParser; |
|||
import org.jetbrains.annotations.NotNull; |
|||
import org.junit.After; |
|||
import org.junit.Assert; |
|||
import org.junit.Before; |
|||
import org.junit.Test; |
|||
import org.springframework.beans.factory.annotation.Autowired; |
|||
import org.thingsboard.rule.engine.telemetry.TbMsgTimeseriesNode; |
|||
import org.thingsboard.rule.engine.telemetry.TbMsgTimeseriesNodeConfiguration; |
|||
import org.thingsboard.server.common.data.Device; |
|||
import org.thingsboard.server.common.data.Tenant; |
|||
import org.thingsboard.server.common.data.User; |
|||
import org.thingsboard.server.common.data.asset.Asset; |
|||
import org.thingsboard.server.common.data.id.EntityId; |
|||
import org.thingsboard.server.common.data.kv.BasicTsKvEntry; |
|||
import org.thingsboard.server.common.data.kv.JsonDataEntry; |
|||
import org.thingsboard.server.common.data.kv.LongDataEntry; |
|||
import org.thingsboard.server.common.data.kv.TsKvEntry; |
|||
import org.thingsboard.server.common.data.security.Authority; |
|||
import org.thingsboard.server.common.msg.TbMsg; |
|||
import org.thingsboard.server.common.msg.TbMsgDataType; |
|||
import org.thingsboard.server.common.msg.TbMsgMetaData; |
|||
import org.thingsboard.server.common.msg.session.SessionMsgType; |
|||
import org.thingsboard.server.controller.AbstractControllerTest; |
|||
import org.thingsboard.server.dao.service.DaoSqlTest; |
|||
import org.thingsboard.server.dao.timeseries.TimeseriesService; |
|||
|
|||
import java.util.HashMap; |
|||
import java.util.List; |
|||
import java.util.Map; |
|||
import java.util.Optional; |
|||
import java.util.concurrent.ExecutionException; |
|||
import java.util.concurrent.TimeUnit; |
|||
import java.util.concurrent.TimeoutException; |
|||
|
|||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; |
|||
|
|||
@DaoSqlTest |
|||
public class SequentialTimeseriesPersistenceTest extends AbstractControllerTest { |
|||
|
|||
static final int TIMEOUT = 30; |
|||
|
|||
final String TOTALIZER = "Totalizer"; |
|||
final int TTL = 99999; |
|||
final String GENERIC_CUMULATIVE_OBJ = "genericCumulativeObj"; |
|||
final List<Long> ts = List.of(10L, 20L, 30L, 40L, 60L, 70L, 50L, 80L); |
|||
final List<Long> msgValue = List.of(1L, 2L, 3L, 4L, 5L, 6L, 7L, 8L); |
|||
|
|||
@Autowired |
|||
TimeseriesService timeseriesService; |
|||
|
|||
TbMsgTimeseriesNodeConfiguration configuration; |
|||
Tenant savedTenant; |
|||
User tenantAdmin; |
|||
|
|||
@Before |
|||
public void beforeTest() throws Exception { |
|||
configuration = new TbMsgTimeseriesNodeConfiguration(); |
|||
configuration.setUseServerTs(true); |
|||
|
|||
loginSysAdmin(); |
|||
|
|||
Tenant tenant = new Tenant(); |
|||
tenant.setTitle("My tenant"); |
|||
savedTenant = doPost("/api/tenant", tenant, Tenant.class); |
|||
Assert.assertNotNull(savedTenant); |
|||
|
|||
tenantAdmin = new User(); |
|||
tenantAdmin.setAuthority(Authority.TENANT_ADMIN); |
|||
tenantAdmin.setTenantId(savedTenant.getId()); |
|||
tenantAdmin.setEmail("tenant2@thingsboard.org"); |
|||
tenantAdmin.setFirstName("Joe"); |
|||
tenantAdmin.setLastName("Downs"); |
|||
|
|||
tenantAdmin = createUserAndLogin(tenantAdmin, "testPassword1"); |
|||
} |
|||
|
|||
@After |
|||
public void afterTest() throws Exception { |
|||
loginSysAdmin(); |
|||
doDelete("/api/tenant/" + savedTenant.getId().getId().toString()).andExpect(status().isOk()); |
|||
} |
|||
|
|||
@Test |
|||
public void testSequentialTimeseriesPersistence() throws Exception { |
|||
Asset asset = saveAsset("Asset"); |
|||
|
|||
Device deviceA = saveDevice("Device A"); |
|||
Device deviceB = saveDevice("Device B"); |
|||
Device deviceC = saveDevice("Device C"); |
|||
Device deviceD = saveDevice("Device D"); |
|||
List<Device> devices = List.of(deviceA, deviceB, deviceC, deviceD); |
|||
|
|||
for (int i = 0; i < 2; i++) { |
|||
int idx = i * devices.size(); |
|||
saveLatestTsForAssetAndDevice(devices, asset, idx); |
|||
checkDiffBetweenLatestTsForDevicesAndAsset(devices, asset); |
|||
} |
|||
} |
|||
|
|||
Device saveDevice(String name) throws Exception { |
|||
Device device = new Device(); |
|||
device.setName(name); |
|||
device.setType("default"); |
|||
Device savedDevice = doPost("/api/device", device, Device.class); |
|||
Assert.assertNotNull(savedDevice); |
|||
return savedDevice; |
|||
} |
|||
|
|||
Asset saveAsset(String name) throws Exception { |
|||
Asset asset = new Asset(); |
|||
asset.setName(name); |
|||
asset.setType("default"); |
|||
Asset savedAsset = doPost("/api/asset", asset, Asset.class); |
|||
Assert.assertNotNull(savedAsset); |
|||
return savedAsset; |
|||
} |
|||
|
|||
void saveLatestTsForAssetAndDevice(List<Device> devices, Asset asset, int idx) throws ExecutionException, InterruptedException, TimeoutException { |
|||
for (Device device : devices) { |
|||
TbMsg tbMsg = TbMsg.newMsg(SessionMsgType.POST_TELEMETRY_REQUEST.name(), |
|||
device.getId(), |
|||
getTbMsgMetadata(device.getName(), ts.get(idx)), |
|||
TbMsgDataType.JSON, |
|||
getTbMsgData(msgValue.get(idx))); |
|||
saveDeviceTsEntry(device.getId(), tbMsg, msgValue.get(idx)); |
|||
saveAssetTsEntry(asset, device.getName(), msgValue.get(idx), TbMsgTimeseriesNode.computeTs(tbMsg, configuration.isUseServerTs())); |
|||
idx++; |
|||
} |
|||
} |
|||
|
|||
void checkDiffBetweenLatestTsForDevicesAndAsset(List<Device> devices, Asset asset) throws ExecutionException, InterruptedException, TimeoutException { |
|||
TsKvEntry assetTsKvEntry = getTsKvLatest(asset.getId(), GENERIC_CUMULATIVE_OBJ); |
|||
Assert.assertTrue(assetTsKvEntry.getJsonValue().isPresent()); |
|||
JsonObject assetJsonObject = new JsonParser().parse(assetTsKvEntry.getJsonValue().get()).getAsJsonObject(); |
|||
for (Device device : devices) { |
|||
Long assetValue = assetJsonObject.get(device.getName()).getAsLong(); |
|||
TsKvEntry deviceLatest = getTsKvLatest(device.getId(), TOTALIZER); |
|||
Assert.assertTrue(deviceLatest.getLongValue().isPresent()); |
|||
Long deviceValue = deviceLatest.getLongValue().get(); |
|||
Assert.assertEquals(assetValue, deviceValue); |
|||
} |
|||
} |
|||
|
|||
String getTbMsgData(long value) { |
|||
return "{\"Totalizer\": " + value + "}"; |
|||
} |
|||
|
|||
TbMsgMetaData getTbMsgMetadata(String name, long ts) { |
|||
Map<String, String> metadata = new HashMap<>(); |
|||
metadata.put("deviceName", name); |
|||
metadata.put("ts", String.valueOf(ts)); |
|||
return new TbMsgMetaData(metadata); |
|||
} |
|||
|
|||
void saveDeviceTsEntry(EntityId entityId, TbMsg tbMsg, long value) throws ExecutionException, InterruptedException, TimeoutException { |
|||
TsKvEntry tsKvEntry = new BasicTsKvEntry(TbMsgTimeseriesNode.computeTs(tbMsg, configuration.isUseServerTs()), new LongDataEntry(TOTALIZER, value)); |
|||
saveTimeseries(entityId, tsKvEntry); |
|||
} |
|||
|
|||
void saveAssetTsEntry(Asset asset, String key, long value, long ts) throws ExecutionException, InterruptedException, TimeoutException { |
|||
Optional<String> tsKvEntryOpt = getTsKvLatest(asset.getId(), GENERIC_CUMULATIVE_OBJ).getJsonValue(); |
|||
TsKvEntry saveTsKvEntry = new BasicTsKvEntry(ts, new JsonDataEntry(GENERIC_CUMULATIVE_OBJ, getJsonObject(key, value, tsKvEntryOpt).toString())); |
|||
saveTimeseries(asset.getId(), saveTsKvEntry); |
|||
} |
|||
|
|||
@NotNull |
|||
JsonObject getJsonObject(String key, long value, Optional<String> tsKvEntryOpt) { |
|||
JsonObject jsonObject = new JsonObject(); |
|||
if (tsKvEntryOpt.isPresent()) { |
|||
jsonObject = new JsonParser().parse(tsKvEntryOpt.get()).getAsJsonObject(); |
|||
} |
|||
jsonObject.addProperty(key, value); |
|||
return jsonObject; |
|||
} |
|||
|
|||
void saveTimeseries(EntityId entityId, TsKvEntry saveTsKvEntry) throws InterruptedException, ExecutionException, TimeoutException { |
|||
timeseriesService.save(savedTenant.getId(), entityId, List.of(saveTsKvEntry), TTL).get(TIMEOUT, TimeUnit.SECONDS); |
|||
} |
|||
|
|||
TsKvEntry getTsKvLatest(EntityId entityId, String key) throws InterruptedException, ExecutionException, TimeoutException { |
|||
List<TsKvEntry> tsKvEntries = timeseriesService.findLatest( |
|||
savedTenant.getTenantId(), |
|||
entityId, |
|||
List.of(key)).get(TIMEOUT, TimeUnit.SECONDS); |
|||
Assert.assertEquals(1, tsKvEntries.size()); |
|||
return tsKvEntries.get(0); |
|||
} |
|||
} |
|||
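Review bot: `getTsKvLatest` reads with `savedTenant.getTenantId()` while `saveTimeseries` writes with `savedTenant.getId()`, so the test's write and read are scoped to the tenant through two different accessors. `Tenant` is not visible on this page, so whether both return the same id cannot be confirmed here; passing `savedTenant.getId()` to `findLatest` as well would keep the test from depending on that. Separately, in `checkDiffBetweenLatestTsForDevicesAndAsset` the call `assetJsonObject.get(device.getName()).getAsLong()` throws a NullPointerException when the asset JSON lacks the device key. Adding `Assert.assertTrue(assetJsonObject.has(device.getName()));` before it would report that case as an assertion failure naming the missing device.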
@ -1,359 +0,0 @@ |
|||
#!/bin/sh |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password |
|||
|
|||
#p) CLIENT_CN=$CLIENT_PREFIX00000000 |
|||
#s) client_start=0 |
|||
#f) client_finish=1 |
|||
#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 |
|||
#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 |
|||
#b) BOOTSTRAP_ALIAS=bootstrap |
|||
#d) SERVER_ALIAS=server |
|||
#j) SERVER_STORE=serverKeyStore.jks |
|||
#k) CLIENT_STORE=clientKeyStore.jks |
|||
#c) CLIENT_STORE_PWD=client_ks_password |
|||
#w) SERVER_STORE_PWD=server_ks_password |
|||
#l) ROOT_KEY_ALIAS=root_key_alias |
|||
|
|||
while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do |
|||
case "${flag}" in |
|||
p) client_pref=${OPTARG} ;; |
|||
s) client_start=${OPTARG} ;; |
|||
f) client_finish=${OPTARG} ;; |
|||
a) client_alias_pref=${OPTARG} ;; |
|||
e) client_self_alias_pref=${OPTARG} ;; |
|||
b) bootstrap_alias=${OPTARG} ;; |
|||
d) server_alias=${OPTARG} ;; |
|||
j) key_store_server_file=${OPTARG} ;; |
|||
k) key_store_client_file=${OPTARG} ;; |
|||
c) client_key_store_pwd=${OPTARG} ;; |
|||
w) server_key_store_pwd=${OPTARG} ;; |
|||
w) root_key_alias=${OPTARG} ;; |
|||
esac |
|||
done |
|||
|
|||
# cd to dir of script |
|||
script_dir=$(dirname $0) |
|||
echo "script_dir: $script_dir" |
|||
cd $script_dir |
|||
# source the properties: |
|||
. ./lwM2M_keygen.properties |
|||
|
|||
if [ -n "$client_pref" ]; then |
|||
CLIENT_PREFIX=$client_pref |
|||
fi |
|||
|
|||
if [ -z "$client_start" ]; then |
|||
client_start=0 |
|||
fi |
|||
|
|||
if [ -z "$client_finish" ]; then |
|||
client_finish=1 |
|||
fi |
|||
|
|||
if [ -n "$client_alias_pref" ]; then |
|||
CLIENT_ALIAS_PREFIX=$client_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$client_self_alias_pref" ]; then |
|||
CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$bootstrap_alias" ]; then |
|||
BOOTSTRAP_ALIAS=$bootstrap_alias |
|||
fi |
|||
|
|||
if [ -n "$server_alias" ]; then |
|||
SERVER_ALIAS=$server_alias |
|||
fi |
|||
|
|||
if [ -n "$key_store_server_file" ]; then |
|||
SERVER_STORE=$key_store_server_file |
|||
fi |
|||
|
|||
if [ -n "$key_store_client_file" ]; then |
|||
CLIENT_STORE=$key_store_client_file |
|||
fi |
|||
|
|||
if [ -n "$client_key_store_pwd" ]; then |
|||
CLIENT_STORE_PWD=$client_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$server_key_store_pwd" ]; then |
|||
SERVER_STORE_PWD=$server_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$root_key_alias" ]; then |
|||
ROOT_KEY_ALIAS=$root_key_alias |
|||
fi |
|||
|
|||
CLIENT_NUMBER=$client_start |
|||
|
|||
echo "==Start==" |
|||
echo "CLIENT_PREFIX: $CLIENT_PREFIX" |
|||
echo "client_start: $client_start" |
|||
echo "client_finish: $client_finish" |
|||
echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" |
|||
echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" |
|||
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" |
|||
echo "SERVER_ALIAS: $SERVER_ALIAS" |
|||
echo "SERVER_STORE: $SERVER_STORE" |
|||
echo "CLIENT_STORE: $CLIENT_STORE" |
|||
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" |
|||
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" |
|||
echo "CLIENT_NUMBER: $CLIENT_NUMBER" |
|||
echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" |
|||
|
|||
end_point() { |
|||
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_alias_point() { |
|||
echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_self_alias_point() { |
|||
echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
# Generation of the keystore. |
|||
echo "${H0}====START========${RESET}" |
|||
echo "${H1}Server Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating the trusted root CA key and certificate...${RESET}" |
|||
# -keysize |
|||
# 1024 (when using -genkeypair) |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating server key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating server certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $SERVER_ALIAS \ |
|||
-dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
fi |
|||
|
|||
cert_end_point() { |
|||
echo |
|||
echo "${H1}Client Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $CLIENT_STORE_PWD \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_SELF_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
# |
|||
# echo |
|||
# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" |
|||
# keytool \ |
|||
# -exportcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $SERVER_STORE \ |
|||
# -storepass $SERVER_STORE_PWD | |
|||
# keytool \ |
|||
# -importcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $CLIENT_STORE \ |
|||
# -storepass $CLIENT_STORE_PWD \ |
|||
# -noprompt |
|||
# |
|||
|
|||
echo |
|||
echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
} |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "==Start Client==" |
|||
while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do |
|||
echo "number $CLIENT_NUMBER" |
|||
echo "finish $client_finish" |
|||
CLIENT_CN=$(end_point) |
|||
CLIENT_ALIAS=$(client_alias_point) |
|||
CLIENT_SELF_ALIAS=$(client_self_alias_point) |
|||
echo "CLIENT_CN $CLIENT_CN" |
|||
echo "CLIENT_ALIAS $CLIENT_ALIAS" |
|||
echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" |
|||
cert_end_point |
|||
CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) |
|||
echo |
|||
done |
|||
fi |
|||
|
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $SERVER_STORE \ |
|||
-destkeystore $SERVER_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $CLIENT_STORE \ |
|||
-destkeystore $CLIENT_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $CLIENT_STORE_PWD |
|||
fi |
|||
@ -1,57 +0,0 @@ |
|||
# |
|||
# Copyright © 2016-2017 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
# Keystore common parameters |
|||
ROOT_KEY_ALIAS=rootCA |
|||
DOMAIN_SUFFIX="$(hostname)" |
|||
ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" |
|||
ORGANIZATIONAL_UNIT=Thingsboard |
|||
ORGANIZATION=Thingsboard |
|||
CITY=SF |
|||
STATE_OR_PROVINCE=CA |
|||
TWO_LETTER_COUNTRY_CODE=US |
|||
VALIDITY=36500 #days |
|||
STORETYPE="JKS" |
|||
|
|||
#Server |
|||
SERVER_STORE=serverKeyStore1.jks |
|||
SERVER_STORE_PWD=server_ks_password1 |
|||
SERVER_ALIAS=server1 |
|||
SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" |
|||
SERVER_SELF_ALIAS=server_self_signed |
|||
SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" |
|||
BOOTSTRAP_ALIAS=bootstrap1 |
|||
BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" |
|||
BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed |
|||
BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" |
|||
|
|||
# Client |
|||
CLIENT_STORE=clientKeyStore1.jks |
|||
CLIENT_STORE_PWD=client_ks_password1 |
|||
CLIENT_ALIAS_PREFIX=client_alias_1 |
|||
CLIENT_PREFIX=LwX509___ |
|||
CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 |
|||
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" |
|||
|
|||
# Color output stuff |
|||
red=`tput setaf 1` |
|||
green=`tput setaf 2` |
|||
blue=`tput setaf 4` |
|||
bold=`tput bold` |
|||
H0=${red}${bold} |
|||
H1=${green}${bold} |
|||
H2=${blue} |
|||
RESET=`tput sgr0` |
|||
@ -0,0 +1,423 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
# Change working directory |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
readonly TRUST_PATH="Trust" |
|||
readonly CA_ROOT_CERT_KEY="ca-root" |
|||
readonly CA_ROOT_ALIAS="root" |
|||
readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" |
|||
CA_INTERMEDIATE_START=0 |
|||
CA_INTERMEDIATE_FINISH=2 |
|||
CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
readonly CA_TRUST_STORE_ALL_CHAIN="lwm2mtruststorechain" |
|||
readonly CA_TRUST_STORE_PWD="server_ks_password" |
|||
readonly CA_TRUST_CERT_ALIAS="root" |
|||
readonly CA_TRUST_CERT_CHAIN_JKS="lwm2mtruststorechain" |
|||
readonly CA_TRUST_STORE_CHAIN_ALIAS="trust_cert_chain_alias" |
|||
|
|||
readonly CLIENT_PATH="Client" |
|||
readonly CLIENT_JKS_FOR_TEST="lwm2mclient" |
|||
readonly CLIENT_CERT_KEY_PREF="LwX509" |
|||
readonly CLIENT_CERT_ALIAS_PREF="client_alias_" |
|||
readonly CLIENT_STORE_PWD="client_ks_password" |
|||
readonly CLIENT_HOST_NAME="thingsboard_test.io" |
|||
|
|||
readonly TRUST_NO_PATH="TrustNo" |
|||
readonly CA_ROOT_NO_ALIAS="root-no" |
|||
readonly CLIENT_CERT_TRUST_NO_KEY="LwX509TrustNo" |
|||
readonly CLIENT_CERT_ALIAS_TRUST_NO="client_alias_trust_no" |
|||
|
|||
CLIENT_START=0 |
|||
CLIENT_FINISH=1 |
|||
CLIENT_NUMBER=${CLIENT_START} |
|||
|
|||
SERVER_HOST_NAME="localhost.localdomain" |
|||
SERVER_LOCAL_HOST_NAME="localhost" |
|||
SERVER_PUBLIC_HOST_NAMES="-" |
|||
|
|||
readonly CF_COMMANDS=" |
|||
cfssl |
|||
cfssljson |
|||
" |
|||
|
|||
if [ ! -z "$1" ]; then |
|||
CA_INTERMEDIATE_START=$1 |
|||
CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} |
|||
fi |
|||
|
|||
if [ ! -z "$2" ]; then |
|||
CA_INTERMEDIATE_FINISH=$2 |
|||
fi |
|||
|
|||
if [ ! -z "$3" ]; then |
|||
CLIENT_START=$1 |
|||
CLIENT_NUMBER=${CLIENT_START} |
|||
fi |
|||
|
|||
if [ ! -z "$4" ]; then |
|||
CLIENT_FINISH=$4 |
|||
fi |
|||
|
|||
# Change working directory |
|||
rm -rf ${TRUST_PATH} |
|||
mkdir -p ${TRUST_PATH} |
|||
rm -rf ${TRUST_NO_PATH} |
|||
mkdir -p ${TRUST_NO_PATH} |
|||
rm -rf ${CLIENT_PATH} |
|||
mkdir -p ${CLIENT_PATH} |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
|
|||
rm *.csr |
|||
rm *.p12 |
|||
rm *.json |
|||
rm *.pem |
|||
rm *.jks |
|||
|
|||
intermediate_common_name() { |
|||
echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" |
|||
} |
|||
|
|||
set_list_sert_for_cat() { |
|||
local first="$1" |
|||
echo "$first ${CA_LIST_CERT_FOR_CAT}" |
|||
} |
|||
|
|||
client_common_name() { |
|||
echo "${CLIENT_CERT_KEY_PREF}$(printf "%08d" ${CLIENT_NUMBER})" |
|||
} |
|||
|
|||
client_alias_name() { |
|||
echo "${CLIENT_CERT_ALIAS_PREF}$(printf "%08d" ${CLIENT_NUMBER})" |
|||
} |
|||
|
|||
for COMMAND in ${CF_COMMANDS}; do |
|||
if ! command -v ${COMMAND} &> /dev/null; then |
|||
echo "ERROR: Missing command ${COMMAND}" >&2 |
|||
echo "Install the package from: https://pkg.cfssl.org/" >&2 |
|||
exit 1 |
|||
fi |
|||
done |
|||
|
|||
tee ./${TRUST_PATH}/ca-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "8760h", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
}, |
|||
"profiles": { |
|||
"server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth" |
|||
] |
|||
}, |
|||
"client": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"client auth" |
|||
] |
|||
}, |
|||
"client-server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth", |
|||
"client auth" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
tee ./${TRUST_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "43800h", |
|||
"ca_constraint": { |
|||
"is_ca": true, |
|||
"max_path_len": 0, |
|||
"max_path_len_zero": true |
|||
}, |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"digital signature", |
|||
"cert sign", |
|||
"crl sign", |
|||
"signing" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; |
|||
do |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
#openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
done |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the CA_certificate to keystore: ${CA_TRUST_CERT_CHAIN_JKS}.jks" |
|||
echo "====================================================" |
|||
cat ${CA_LIST_CERT_FOR_CAT} > ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem -inkey ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem -out ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -name ${CA_TRUST_STORE_CHAIN_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CA_TRUST_STORE_PWD} -passout pass:${CA_TRUST_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CA_TRUST_STORE_PWD} -destkeypass ${CA_TRUST_STORE_PWD} -destkeystore ./${TRUST_PATH}/${CA_TRUST_CERT_CHAIN_JKS}.jks -srckeystore ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CA_TRUST_STORE_PWD} -alias ${CA_TRUST_STORE_CHAIN_ALIAS} |
|||
|
|||
keytool -list -v -keystore ./${TRUST_PATH}/lwm2mtruststorechain.jks -storepass server_ks_password -storetype PKCS12 |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the clients of our certificates: \n-${CLIENT_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CLIENT_CERT_KEY_PREF}?.pem (certificate)\n-${CCLIENT_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
|
|||
while [[ ${CLIENT_NUMBER} -lt ${CLIENT_FINISH} ]]; |
|||
do |
|||
CLIENT_CERT_KEY=$(client_common_name) |
|||
CLIENT_CERT_ALIAS=$(client_alias_name) |
|||
CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-config.json \ |
|||
-profile client \ |
|||
-hostname "${CLIENT_HOST_NAME}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_KEY} |
|||
{ |
|||
"CN": "${CLIENT_CERT_KEY}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the client certificate (${CLIENT_CERT_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem |
|||
openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -name ${CLIENT_CERT_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS} |
|||
|
|||
done |
|||
|
|||
#keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root no trust in ${TRUST_NO_PATH} of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA NO TRUST", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the intermediates of our no trust in ${TRUST_NO_PATH} certificate: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
CA_INTERMEDIATE_NUMBER=0 |
|||
while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; |
|||
do |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}_TRUST_NO", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
#openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
done |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the client no trust of our certificate: \n-${CLIENT_CERT_TRUST_NO_KEY}-key.pem (certificate key)\n-${CLIENT_CERT_TRUST_NO_KEY}.pem (certificate)\n-${CLIENT_CERT_TRUST_NO_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
CLIENT_CERT_ALIAS=$(client_alias_name) |
|||
CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-config.json \ |
|||
-profile client \ |
|||
-hostname "${CLIENT_HOST_NAME}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY} |
|||
{ |
|||
"CN": "${CLIENT_CERT_TRUST_NO_KEY}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the client certificate no trust (${CLIENT_CERT_TRUST_NO_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem |
|||
openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -name ${CLIENT_CERT_ALIAS_TRUST_NO} -CAfile ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_NO_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS_TRUST_NO} |
|||
|
|||
|
|||
|
|||
keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 |
|||
|
|||
|
|||
rm ./${TRUST_PATH}/*.p12 2> /dev/null |
|||
rm ./${TRUST_PATH}/*.csr 2> /dev/null |
|||
rm ./${TRUST_PATH}/*.json 2> /dev/null |
|||
rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null |
|||
rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null |
|||
|
|||
rm -rf ${TRUST_NO_PATH} 2> /dev/null |
|||
|
|||
rm ./${CLIENT_PATH}/*.p12 2> /dev/null |
|||
rm ./${CLIENT_PATH}/*.csr 2> /dev/null |
|||
@ -0,0 +1,81 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
readonly INTERMEDIATE_START=0 |
|||
readonly INTERMEDIATE_FINISH=2 |
|||
readonly CLIENT_START=0 |
|||
readonly CLIENT_FINISH=5 |
|||
|
|||
IS_IHFO=false |
|||
IS_SERVER_CREATED_KEY=true |
|||
IS_TRUST_CLIENT_CREATED_KEY=true |
|||
|
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
Help() |
|||
{ |
|||
# Display Help |
|||
echo "Description of the script functions." |
|||
echo |
|||
echo "Syntax: scriptTemplate [-g|h|v|V]" |
|||
echo "options:" |
|||
echo "h Print this Help." |
|||
echo "v Verbose mode." |
|||
echo "V Print software version and exit." |
|||
echo |
|||
} |
|||
|
|||
if [ "$1" == "-h" ] ; then |
|||
echo -e "Usage 1: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 2: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\"" |
|||
echo -e "Usage 5: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\"" |
|||
echo "This Help File: ./`basename $0` -h" |
|||
exit 0 |
|||
fi |
|||
|
|||
if [ -n "$1" ]; then |
|||
IS_IHFO=$1 |
|||
fi |
|||
|
|||
if [ -n "$2" ]; then |
|||
IS_SERVER_CREATED_KEY=$2 |
|||
fi |
|||
|
|||
if [ -n "$3" ]; then |
|||
IS_TRUST_CLIENT_CREATED_KEY=$3 |
|||
fi |
|||
|
|||
if [ "$IS_IHFO" = false ] ; then |
|||
if [ "$IS_SERVER_CREATED_KEY" = true ] ; then |
|||
./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 & |
|||
fi |
|||
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then |
|||
./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 & |
|||
fi |
|||
else |
|||
if [ "$IS_SERVER_CREATED_KEY" = true ] ; then |
|||
./lwm2m_cfssl_chain_server_for_test.sh |
|||
fi |
|||
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then |
|||
./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} |
|||
fi |
|||
fi |
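Review bot: In the quiet branch (`IS_IHFO` = false) both generator scripts are started with `&` and `> /dev/null 2>&1`, and the wrapper never waits for them, so it returns before the keystores exist and a failed run (for example the server script's "Missing command" exit) leaves no trace. A test that consumes the generated keystores can then pick up stale or partial key material. Run them in the foreground and propagate the status, e.g. `./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 || exit 1`, or keep the `&` and add a `wait` on each job with a status check before the wrapper exits. The `Help()` function is defined but never called, since the `-h` branch prints its own usage, and the two script names differ in case (`lwm2m_` vs `lwM2M_`), which is worth checking against the real file names on a case-sensitive filesystem.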
|||
@ -0,0 +1,314 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
# REF: https://github.com/cloudflare/cfssl |
|||
|
|||
# Change working directory |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
readonly CA_ROOT_CERT_KEY="ca-root" |
|||
readonly CA_ROOT_ALIAS="root" |
|||
readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" |
|||
CA_INTERMEDIATE_NUMBER=0 |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
|
|||
readonly CF_COMMANDS=" |
|||
cfssl |
|||
cfssljson |
|||
" |
|||
|
|||
readonly SERVER_JKS_FOR_TEST="lwm2mserver" |
|||
readonly STORE_PASS_PWD="server_ks_password" |
|||
readonly SERVER_PATH="Server" |
|||
readonly SERVER_CERT_KEY="lwm2mserver" |
|||
readonly SERVER_CERT_CHAIN="lwm2mserver_chain" |
|||
readonly SERVER_CERT_ALIAS="server" |
|||
readonly BS_SERVER_CERT_KEY="lwm2mserverbs" |
|||
readonly BS_SERVER_CERT_CHAIN="lwm2mserverbs_chain" |
|||
readonly BS_SERVER_CERT_ALIAS="bootstrap" |
|||
|
|||
SERVER_HOST_NAME="localhost.localdomain" |
|||
SERVER_LOCAL_HOST_NAME="localhost" |
|||
SERVER_PUBLIC_HOST_NAMES="-" |
|||
|
|||
intermediate_common_name() { |
|||
echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" |
|||
} |
|||
|
|||
set_list_sert_for_cat() { |
|||
local first="$1" |
|||
echo "$first ${CA_LIST_CERT_FOR_CAT}" |
|||
} |
|||
|
|||
|
|||
# Change working directory |
|||
rm -rf ${SERVER_PATH} |
|||
mkdir -p ${SERVER_PATH} |
|||
|
|||
cd -- "$( |
|||
dirname ./${SERVER_PATH} |
|||
)" || exit 1 |
|||
|
|||
|
|||
rm *.csr |
|||
rm *.p12 |
|||
rm *.json |
|||
rm *.pem |
|||
rm *.jks |
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
|
|||
for COMMAND in ${CF_COMMANDS}; do |
|||
if ! command -v ${COMMAND} &> /dev/null; then |
|||
echo "ERROR: Missing command ${COMMAND}" >&2 |
|||
echo "Install the package from: https://pkg.cfssl.org/" >&2 |
|||
exit 1 |
|||
fi |
|||
done |
|||
|
|||
tee ./${SERVER_PATH}/ca-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "8760h", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
}, |
|||
"profiles": { |
|||
"server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth" |
|||
] |
|||
}, |
|||
"client": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"client auth" |
|||
] |
|||
}, |
|||
"client-server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth", |
|||
"client auth" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
tee ./${SERVER_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "43800h", |
|||
"ca_constraint": { |
|||
"is_ca": true, |
|||
"max_path_len": 0, |
|||
"max_path_len_zero": true |
|||
}, |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"digital signature", |
|||
"cert sign", |
|||
"crl sign", |
|||
"signing" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA for servers", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the first intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
|
|||
|
|||
## Lwm2m Server certificate |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the server certificate: \n-${SERVER_CERT_KEY}-key.pem (certificate key)\n-${SERVER_CERT_KEY}.pem (certificate)\n-${SERVER_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-config.json \ |
|||
-profile server \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${SERVER_CERT_KEY} |
|||
{ |
|||
"CN": "${SERVER_LOCAL_HOST_NAME}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the server certificate (${SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${SERVER_PATH}/${SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -name ${SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} |
|||
keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${SERVER_CERT_ALIAS} |
|||
|
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the second intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
|
|||
## Bootstrap server certificate |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the server certificate: \n-${BS_SERVER_CERT_KEY}-key.pem (certificate key)\n-${BS_SERVER_CERT_KEY}.pem (certificate)\n-${BS_SERVER_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-config.json \ |
|||
-profile server \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${BS_SERVER_CERT_KEY} |
|||
{ |
|||
"CN": "${SERVER_LOCAL_HOST_NAME}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the Bootstrap server certificate (${BS_SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -name ${BS_SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} |
|||
keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${BS_SERVER_CERT_ALIAS} |
|||
|
|||
|
|||
keytool -list -v -keystore ./${SERVER_PATH}/lwm2mserver.jks -storepass server_ks_password -storetype PKCS12 |
|||
|
|||
rm ./${SERVER_PATH}/*.p12 2> /dev/null |
|||
rm ./${SERVER_PATH}/*.csr 2> /dev/null |
|||
rm ./${SERVER_PATH}/*.json 2> /dev/null |
|||
rm ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null |
|||
rm ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null |
|||
mv ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${SERVER_CERT_KEY}_key.pem |
|||
mv ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}_key.pem |
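Review bot: The second intermediate (`intermediate_ca1`) is signed by the first intermediate using `ca-root-to-intermediate-config.json`, whose `ca_constraint` sets `"max_path_len": 0`, so the first intermediate is issued as a CA that may not have further CA certificates beneath it, and the bootstrap server chain built on `intermediate_ca1` breaks that constraint. A validator that enforces the path length constraint would reject this chain, so tests that pass with it may only show that the constraint is not being checked. Give the root-to-first-intermediate signing its own config with `"max_path_len": 1, "max_path_len_zero": false`, and keep the zero-length constraint for the last CA in the chain. Separately, `cd -- "$(dirname ./${SERVER_PATH})"` resolves to the current directory, so the `rm *.pem`, `rm *.jks` and `rm *.json` lines that follow delete every matching file next to the script rather than inside `${SERVER_PATH}`; scoping them as `rm -f ./${SERVER_PATH}/*.pem` (or dropping them, since the directory was just recreated) avoids removing unrelated key material.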
|||
|
|||
@ -1,360 +0,0 @@ |
|||
#!/bin/sh |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password |
|||
|
|||
#p) CLIENT_CN=$CLIENT_PREFIX00000000 |
|||
#s) client_start=0 |
|||
#f) client_finish=1 |
|||
#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 |
|||
#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 |
|||
#b) BOOTSTRAP_ALIAS=bootstrap |
|||
#d) SERVER_ALIAS=server |
|||
#j) SERVER_STORE=serverKeyStore.jks |
|||
#k) CLIENT_STORE=clientKeyStore.jks |
|||
#c) CLIENT_STORE_PWD=client_ks_password |
|||
#w) SERVER_STORE_PWD=server_ks_password |
|||
#l) ROOT_KEY_ALIAS=root_key_alias |
|||
|
|||
while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do |
|||
case "${flag}" in |
|||
p) client_pref=${OPTARG} ;; |
|||
s) client_start=${OPTARG} ;; |
|||
f) client_finish=${OPTARG} ;; |
|||
a) client_alias_pref=${OPTARG} ;; |
|||
e) client_self_alias_pref=${OPTARG} ;; |
|||
b) bootstrap_alias=${OPTARG} ;; |
|||
d) server_alias=${OPTARG} ;; |
|||
j) key_store_server_file=${OPTARG} ;; |
|||
k) key_store_client_file=${OPTARG} ;; |
|||
c) client_key_store_pwd=${OPTARG} ;; |
|||
w) server_key_store_pwd=${OPTARG} ;; |
|||
w) root_key_alias=${OPTARG} ;; |
|||
esac |
|||
done |
|||
|
|||
# cd to dir of script |
|||
script_dir=$(dirname $0) |
|||
echo "script_dir: $script_dir" |
|||
cd $script_dir |
|||
# source the properties: |
|||
. ./lwM2M_keygen.properties |
|||
|
|||
if [ -n "$client_pref" ]; then |
|||
CLIENT_PREFIX=$client_pref |
|||
fi |
|||
|
|||
if [ -z "$client_start" ]; then |
|||
client_start=0 |
|||
fi |
|||
|
|||
if [ -z "$client_finish" ]; then |
|||
client_finish=1 |
|||
fi |
|||
|
|||
if [ -n "$client_alias_pref" ]; then |
|||
CLIENT_ALIAS_PREFIX=$client_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$client_self_alias_pref" ]; then |
|||
CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$bootstrap_alias" ]; then |
|||
BOOTSTRAP_ALIAS=$bootstrap_alias |
|||
fi |
|||
|
|||
if [ -n "$server_alias" ]; then |
|||
SERVER_ALIAS=$server_alias |
|||
fi |
|||
|
|||
if [ -n "$key_store_server_file" ]; then |
|||
SERVER_STORE=$key_store_server_file |
|||
fi |
|||
|
|||
if [ -n "$key_store_client_file" ]; then |
|||
CLIENT_STORE=$key_store_client_file |
|||
fi |
|||
|
|||
if [ -n "$client_key_store_pwd" ]; then |
|||
CLIENT_STORE_PWD=$client_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$server_key_store_pwd" ]; then |
|||
SERVER_STORE_PWD=$server_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$root_key_alias" ]; then |
|||
ROOT_KEY_ALIAS=$root_key_alias |
|||
fi |
|||
|
|||
CLIENT_NUMBER=$client_start |
|||
|
|||
echo "==Start==" |
|||
echo "CLIENT_PREFIX: $CLIENT_PREFIX" |
|||
echo "client_start: $client_start" |
|||
echo "client_finish: $client_finish" |
|||
echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" |
|||
echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" |
|||
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" |
|||
echo "SERVER_ALIAS: $SERVER_ALIAS" |
|||
echo "SERVER_STORE: $SERVER_STORE" |
|||
echo "CLIENT_STORE: $CLIENT_STORE" |
|||
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" |
|||
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" |
|||
echo "CLIENT_NUMBER: $CLIENT_NUMBER" |
|||
echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" |
|||
|
|||
end_point() { |
|||
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_alias_point() { |
|||
echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_self_alias_point() { |
|||
echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
# Generation of the keystore. |
|||
echo "${H0}====START========${RESET}" |
|||
echo "${H1}Server Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating the trusted root CA key and certificate...${RESET}" |
|||
# -keysize |
|||
# 1024 (when using -genkeypair) |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating server key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating server certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $SERVER_ALIAS \ |
|||
-dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
fi |
|||
|
|||
cert_end_point() { |
|||
echo |
|||
echo "${H1}Client Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $CLIENT_STORE_PWD \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_SELF_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
# |
|||
# echo |
|||
# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" |
|||
# keytool \ |
|||
# -exportcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $SERVER_STORE \ |
|||
# -storepass $SERVER_STORE_PWD | |
|||
# keytool \ |
|||
# -importcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $CLIENT_STORE \ |
|||
# -storepass $CLIENT_STORE_PWD \ |
|||
# -noprompt |
|||
# |
|||
|
|||
echo |
|||
echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
} |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
|
|||
echo |
|||
echo "==Start Client==" |
|||
while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do |
|||
echo "number $CLIENT_NUMBER" |
|||
echo "finish $client_finish" |
|||
CLIENT_CN=$(end_point) |
|||
CLIENT_ALIAS=$(client_alias_point) |
|||
CLIENT_SELF_ALIAS=$(client_self_alias_point) |
|||
echo "CLIENT_CN $CLIENT_CN" |
|||
echo "CLIENT_ALIAS $CLIENT_ALIAS" |
|||
echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" |
|||
cert_end_point |
|||
CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) |
|||
echo |
|||
done |
|||
fi |
|||
|
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $SERVER_STORE \ |
|||
-destkeystore $SERVER_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $CLIENT_STORE \ |
|||
-destkeystore $CLIENT_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $CLIENT_STORE_PWD |
|||
fi |
|||
@ -1,57 +0,0 @@ |
|||
# |
|||
# Copyright © 2016-2017 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
# Keystore common parameters |
|||
ROOT_KEY_ALIAS=rootCA |
|||
DOMAIN_SUFFIX="$(hostname)" |
|||
ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" |
|||
ORGANIZATIONAL_UNIT=Thingsboard |
|||
ORGANIZATION=Thingsboard |
|||
CITY=SF |
|||
STATE_OR_PROVINCE=CA |
|||
TWO_LETTER_COUNTRY_CODE=US |
|||
VALIDITY=36500 #days |
|||
STORETYPE="JKS" |
|||
|
|||
#Server |
|||
SERVER_STORE=serverKeyStore1.jks |
|||
SERVER_STORE_PWD=server_ks_password1 |
|||
SERVER_ALIAS=server1 |
|||
SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" |
|||
SERVER_SELF_ALIAS=server_self_signed |
|||
SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" |
|||
BOOTSTRAP_ALIAS=bootstrap1 |
|||
BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" |
|||
BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed |
|||
BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" |
|||
|
|||
# Client |
|||
CLIENT_STORE=clientKeyStore1.jks |
|||
CLIENT_STORE_PWD=client_ks_password1 |
|||
CLIENT_ALIAS_PREFIX=client_alias_1 |
|||
CLIENT_PREFIX=LwX509___ |
|||
CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 |
|||
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" |
|||
|
|||
# Color output stuff |
|||
red=`tput setaf 1` |
|||
green=`tput setaf 2` |
|||
blue=`tput setaf 4` |
|||
bold=`tput bold` |
|||
H0=${red}${bold} |
|||
H1=${green}${bold} |
|||
H2=${blue} |
|||
RESET=`tput sgr0` |
|||
Binary file not shown.
File diff suppressed because it is too large
@ -0,0 +1,57 @@ |
|||
<!-- |
|||
|
|||
Copyright © 2016-2021 The Thingsboard Authors |
|||
|
|||
Licensed under the Apache License, Version 2.0 (the "License"); |
|||
you may not use this file except in compliance with the License. |
|||
You may obtain a copy of the License at |
|||
|
|||
http://www.apache.org/licenses/LICENSE-2.0 |
|||
|
|||
Unless required by applicable law or agreed to in writing, software |
|||
distributed under the License is distributed on an "AS IS" BASIS, |
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
See the License for the specific language governing permissions and |
|||
limitations under the License. |
|||
|
|||
--> |
|||
<mat-card class="settings-card"> |
|||
<mat-toolbar class="details-toolbar"> |
|||
<div class="mat-toolbar-tools" fxLayout="row" fxLayoutAlign="start center"> |
|||
<div class="tb-details-title-header" fxLayout="column" fxLayoutAlign="center start"> |
|||
<div class="tb-details-title tb-ellipsis">{{ headerTitle }}</div> |
|||
<div class="tb-details-subtitle tb-ellipsis">{{ headerSubtitle }}</div> |
|||
</div> |
|||
<div class="tb-help" [tb-help]="helpLinkId()"></div> |
|||
<span fxFlex></span> |
|||
<section *ngIf="!isReadOnly" fxLayout="row" class="tb-header-button" fxLayoutGap="8px"> |
|||
<button [disabled]="(isLoading$ | async) || detailsForm.invalid || !detailsForm.dirty" |
|||
mat-fab |
|||
matTooltip="{{ 'action.apply-changes' | translate }}" |
|||
matTooltipPosition="above" |
|||
color="accent" class="tb-btn-header" |
|||
[ngClass]="{'tb-hide': !isEdit}" |
|||
(click)="onApplyDetails()"> |
|||
<mat-icon class="material-icons">done</mat-icon> |
|||
</button> |
|||
<button [disabled]="(isLoading$ | async)" |
|||
mat-fab |
|||
matTooltip="{{ 'action.decline-changes' | translate }}" |
|||
matTooltipPosition="above" |
|||
color="accent" class="tb-btn-header" |
|||
(click)="onToggleDetailsEditMode()"> |
|||
<mat-icon class="material-icons">{{isEdit ? 'close' : 'edit'}}</mat-icon> |
|||
</button> |
|||
</section> |
|||
</div> |
|||
</mat-toolbar> |
|||
<mat-card-content fxFlex="100"> |
|||
<mat-tab-group class="tb-absolute-fill" [ngClass]="{'tb-headless': hideDetailsTabs()}" [(selectedIndex)]="selectedTab" fxFill> |
|||
<mat-tab label="{{ 'details.details' | translate }}"> |
|||
<tb-anchor #entityDetailsForm></tb-anchor> |
|||
</mat-tab> |
|||
<tb-anchor #entityTabs></tb-anchor> |
|||
</mat-tab-group> |
|||
</mat-card-content> |
|||
</mat-card> |
|||
|
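Review bot: The second header button shows the `action.decline-changes` tooltip in both states, although its icon and its `onToggleDetailsEditMode()` handler switch between entering edit mode (`edit`) and discarding edits (`close`). Outside edit mode the hint therefore describes an action the button does not perform. Make the tooltip follow `isEdit` the way the icon does, e.g. `matTooltip="{{ (isEdit ? 'action.decline-changes' : 'action.edit') | translate }}"`, using whichever edit-label key the locale files actually define.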
|||
@ -0,0 +1,119 @@ |
|||
/** |
|||
* Copyright © 2016-2021 The Thingsboard Authors |
|||
* |
|||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|||
* you may not use this file except in compliance with the License. |
|||
* You may obtain a copy of the License at |
|||
* |
|||
* http://www.apache.org/licenses/LICENSE-2.0 |
|||
* |
|||
* Unless required by applicable law or agreed to in writing, software |
|||
* distributed under the License is distributed on an "AS IS" BASIS, |
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
* See the License for the specific language governing permissions and |
|||
* limitations under the License. |
|||
*/ |
|||
@import "../../../../../scss/constants"; |
|||
|
|||
:host { |
|||
width: 100%; |
|||
height: 100%; |
|||
display: flex; |
|||
flex-direction: column; |
|||
overflow: hidden; |
|||
|
|||
.settings-card { |
|||
margin: 8px; |
|||
padding: 0; |
|||
width: 100%; |
|||
height: 100%; |
|||
display: flex; |
|||
flex-direction: column; |
|||
|
|||
.details-toolbar { |
|||
height: 84px; |
|||
min-height: 84px; |
|||
border-radius: 4px 4px 0 0; |
|||
background: #fff; |
|||
border-bottom: 1px solid rgba(0, 0, 0, 0.12); |
|||
|
|||
.mat-toolbar-tools { |
|||
padding: 0 8px; |
|||
} |
|||
|
|||
.tb-details-title-header { |
|||
min-width: 0; |
|||
width: auto; |
|||
} |
|||
|
|||
.tb-details-title { |
|||
font-size: 1rem; |
|||
font-weight: 500; |
|||
|
|||
@media #{$mat-gt-sm} { |
|||
font-size: 1.2rem; |
|||
} |
|||
} |
|||
|
|||
.tb-details-subtitle { |
|||
font-size: 0.9rem; |
|||
opacity: .8; |
|||
} |
|||
|
|||
.tb-ellipsis { |
|||
width: 100%; |
|||
overflow: hidden; |
|||
text-overflow: ellipsis; |
|||
white-space: nowrap; |
|||
} |
|||
} |
|||
|
|||
@media #{$mat-md} { |
|||
width: 80%; |
|||
} |
|||
|
|||
@media #{$mat-gt-md} { |
|||
width: 60%; |
|||
} |
|||
|
|||
.tb-header-button { |
|||
.tb-btn-header { |
|||
position: relative !important; |
|||
display: inline-block !important; |
|||
animation: tbMoveFromTopFade .3s ease both; |
|||
|
|||
&.tb-hide { |
|||
animation: tbMoveToTopFade .3s ease both; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
:host ::ng-deep { |
|||
.tb-help { |
|||
.mat-icon-button.mat-primary { |
|||
color: rgba(0, 0, 0, 0.52); |
|||
} |
|||
} |
|||
|
|||
.mat-card-content { |
|||
position: relative; |
|||
overflow: hidden; |
|||
|
|||
> .mat-tab-group { |
|||
> .mat-tab-body-wrapper { |
|||
position: absolute; |
|||
top: 49px; |
|||
left: 0; |
|||
right: 0; |
|||
bottom: 0; |
|||
} |
|||
> .mat-tab-header { |
|||
.mat-tab-label { |
|||
min-width: 40px; |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,182 @@ |
|||
///
|
|||
/// Copyright © 2016-2021 The Thingsboard Authors
|
|||
///
|
|||
/// Licensed under the Apache License, Version 2.0 (the "License");
|
|||
/// you may not use this file except in compliance with the License.
|
|||
/// You may obtain a copy of the License at
|
|||
///
|
|||
/// http://www.apache.org/licenses/LICENSE-2.0
|
|||
///
|
|||
/// Unless required by applicable law or agreed to in writing, software
|
|||
/// distributed under the License is distributed on an "AS IS" BASIS,
|
|||
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
/// See the License for the specific language governing permissions and
|
|||
/// limitations under the License.
|
|||
///
|
|||
|
|||
import { |
|||
ChangeDetectionStrategy, |
|||
ChangeDetectorRef, |
|||
Component, |
|||
ComponentFactoryResolver, |
|||
HostBinding, |
|||
Injector, |
|||
OnDestroy, |
|||
OnInit |
|||
} from '@angular/core'; |
|||
import { Store } from '@ngrx/store'; |
|||
import { AppState } from '@core/core.state'; |
|||
import { EntityTableConfig } from '@home/models/entity/entities-table-config.models'; |
|||
import { BaseData, HasId } from '@shared/models/base-data'; |
|||
import { ActivatedRoute, Router } from '@angular/router'; |
|||
import { FormGroup } from '@angular/forms'; |
|||
import { AssetId } from '@shared/models/id/asset-id'; |
|||
import { TranslateService } from '@ngx-translate/core'; |
|||
import { deepClone, mergeDeep } from '@core/utils'; |
|||
import { BroadcastService } from '@core/services/broadcast.service'; |
|||
import { EntityDetailsPanelComponent } from '@home/components/entity/entity-details-panel.component'; |
|||
import { DialogService } from '@core/services/dialog.service'; |
|||
|
|||
@Component({ |
|||
selector: 'tb-entity-details-page', |
|||
templateUrl: './entity-details-page.component.html', |
|||
styleUrls: ['./entity-details-page.component.scss'], |
|||
changeDetection: ChangeDetectionStrategy.OnPush |
|||
}) |
|||
export class EntityDetailsPageComponent extends EntityDetailsPanelComponent implements OnInit, OnDestroy { |
|||
|
|||
headerTitle: string; |
|||
headerSubtitle: string; |
|||
|
|||
isReadOnly = false; |
|||
|
|||
set entitiesTableConfig(entitiesTableConfig: EntityTableConfig<BaseData<HasId>>) { |
|||
if (this.entitiesTableConfigValue !== entitiesTableConfig) { |
|||
this.entitiesTableConfigValue = entitiesTableConfig; |
|||
if (this.entitiesTableConfigValue) { |
|||
this.isEdit = false; |
|||
this.entity = null; |
|||
} |
|||
} |
|||
} |
|||
|
|||
get entitiesTableConfig(): EntityTableConfig<BaseData<HasId>> { |
|||
return this.entitiesTableConfigValue; |
|||
} |
|||
|
|||
@HostBinding('class') 'tb-absolute-fill'; |
|||
|
|||
constructor(private route: ActivatedRoute, |
|||
private router: Router, |
|||
protected injector: Injector, |
|||
protected cd: ChangeDetectorRef, |
|||
protected componentFactoryResolver: ComponentFactoryResolver, |
|||
private broadcast: BroadcastService, |
|||
private translate: TranslateService, |
|||
private dialogService: DialogService, |
|||
protected store: Store<AppState>) { |
|||
super(store, injector, cd, componentFactoryResolver); |
|||
this.entitiesTableConfig = this.route.snapshot.data.entitiesTableConfig; |
|||
} |
|||
|
|||
ngOnInit() { |
|||
this.headerSubtitle = ''; |
|||
this.route.paramMap.subscribe( paramMap => { |
|||
this.entityId = new AssetId(paramMap.get('entityId')); |
|||
}); |
|||
this.headerSubtitle = this.translate.instant(this.entitiesTableConfig.entityTranslations.details); |
|||
super.init(); |
|||
this.entityComponent.isDetailsPage = true; |
|||
this.subscriptions.push(this.entityAction.subscribe((action) => { |
|||
if (action.action === 'delete') { |
|||
this.deleteEntity(action.event, action.entity); |
|||
} |
|||
})); |
|||
} |
|||
|
|||
ngOnDestroy() { |
|||
super.ngOnDestroy(); |
|||
} |
|||
|
|||
reload(): void { |
|||
this.isEdit = false; |
|||
this.entitiesTableConfig.loadEntity(this.currentEntityId).subscribe( |
|||
(entity) => { |
|||
this.entity = entity; |
|||
this.broadcast.broadcast('updateBreadcrumb'); |
|||
this.isReadOnly = this.entitiesTableConfig.detailsReadonly(entity); |
|||
this.headerTitle = this.entitiesTableConfig.entityTitle(entity); |
|||
this.entityComponent.entity = entity; |
|||
this.entityComponent.isEdit = false; |
|||
if (this.entityTabsComponent) { |
|||
this.entityTabsComponent.entity = entity; |
|||
} |
|||
} |
|||
); |
|||
} |
|||
|
|||
onToggleDetailsEditMode() { |
|||
if (this.isEdit) { |
|||
this.entityComponent.entity = this.entity; |
|||
if (this.entityTabsComponent) { |
|||
this.entityTabsComponent.entity = this.entity; |
|||
} |
|||
this.isEdit = !this.isEdit; |
|||
} else { |
|||
this.isEdit = !this.isEdit; |
|||
this.editingEntity = deepClone(this.entity); |
|||
this.entityComponent.entity = this.editingEntity; |
|||
if (this.entityTabsComponent) { |
|||
this.entityTabsComponent.entity = this.editingEntity; |
|||
} |
|||
if (this.entitiesTableConfig.hideDetailsTabsOnEdit) { |
|||
this.selectedTab = 0; |
|||
} |
|||
} |
|||
} |
|||
|
|||
onApplyDetails() { |
|||
if (this.detailsForm && this.detailsForm.valid) { |
|||
const editingEntity = {...this.editingEntity, ...this.detailsForm.getRawValue()}; |
|||
if (this.detailsForm.hasOwnProperty('additionalInfo')) { |
|||
editingEntity.additionalInfo = |
|||
mergeDeep((this.editingEntity as any).additionalInfo, this.detailsForm.getRawValue()?.additionalInfo); |
|||
} |
|||
this.entitiesTableConfig.saveEntity(editingEntity, this.editingEntity).subscribe( |
|||
(entity) => { |
|||
this.entity = entity; |
|||
this.entityComponent.entity = entity; |
|||
if (this.entityTabsComponent) { |
|||
this.entityTabsComponent.entity = entity; |
|||
} |
|||
this.isEdit = false; |
|||
} |
|||
); |
|||
} |
|||
} |
|||
|
|||
confirmForm(): FormGroup { |
|||
return this.detailsForm; |
|||
} |
|||
|
|||
private deleteEntity($event: Event, entity: BaseData<HasId>) { |
|||
if ($event) { |
|||
$event.stopPropagation(); |
|||
} |
|||
this.dialogService.confirm( |
|||
this.entitiesTableConfig.deleteEntityTitle(entity), |
|||
this.entitiesTableConfig.deleteEntityContent(entity), |
|||
this.translate.instant('action.no'), |
|||
this.translate.instant('action.yes'), |
|||
true |
|||
).subscribe((result) => { |
|||
if (result) { |
|||
this.entitiesTableConfig.deleteEntity(entity.id).subscribe( |
|||
() => { |
|||
this.router.navigate(['../'], {relativeTo: this.route}); |
|||
} |
|||
); |
|||
} |
|||
}); |
|||
} |
|||
} |
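Review bot: In `onApplyDetails()`, `this.detailsForm.hasOwnProperty('additionalInfo')` tests the form object itself rather than its controls, so for an Angular `FormGroup` (the type `confirmForm()` returns) the check looks false in every case and the `mergeDeep` branch never runs. The spread on the line above then replaces the stored `additionalInfo` with only what the form holds, which would drop any keys the form does not edit when the entity is saved. Checking the control instead, `if (this.detailsForm.get('additionalInfo')) {`, keeps the merge reachable. Separately, `ngOnInit()` always builds `new AssetId(paramMap.get('entityId'))` from the raw route parameter although the page is driven by a generic `entitiesTableConfig`; how `entityId` is consumed lives in the base class outside this file, so confirm the id type is right for non-asset entities.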
|||
Some files were not shown because too many files changed in this diff