From c655b58977990fc57bfe570509c1a7faf2e88e8d Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Thu, 30 Dec 2021 12:31:21 +0200 Subject: [PATCH 01/16] lwm2m delete security files jks and in yml security enable = false --- .../src/main/resources/thingsboard.yml | 10 +- .../credentials/shell/lwM2M_credentials.sh | 359 ----------------- .../credentials/shell/lwM2M_keygen.properties | 57 --- .../lwm2m/src/main/resources/lwm2mserver.jks | Bin 3849 -> 0 bytes pom.xml | 34 -- .../credentials/shell/lwM2M_credentials.sh | 360 ------------------ .../credentials/shell/lwM2M_keygen.properties | 57 --- transport/lwm2m/src/main/data/lwm2mserver.jks | Bin 4017 -> 0 bytes .../src/main/resources/tb-lwm2m-transport.yml | 10 +- 9 files changed, 10 insertions(+), 877 deletions(-) delete mode 100644 common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh delete mode 100644 common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties delete mode 100644 common/transport/lwm2m/src/main/resources/lwm2mserver.jks delete mode 100755 transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh delete mode 100644 transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties delete mode 100644 transport/lwm2m/src/main/data/lwm2mserver.jks diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml index a502afb297..6865aebf9a 100644 --- a/application/src/main/resources/thingsboard.yml +++ b/application/src/main/resources/thingsboard.yml @@ -733,7 +733,7 @@ transport: # Server X509 Certificates support credentials: # Whether to enable LWM2M server X509 Certificate/RPK support - enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}" # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}" # PEM server credentials @@ -769,7 +769,7 @@ transport: # Bootstrap server X509 Certificates support credentials: # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support - enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}" # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}" # PEM server credentials @@ -796,19 +796,19 @@ transport: # X509 trust certificates trust-credentials: # Whether to load X509 trust certificates - enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}" # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore) type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}" # PEM certificates pem: # Path to the certificates file (holds trust certificates) - cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mserver.pem}" + cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mtruststorechain.pem}" # Keystore with trust certificates keystore: # Type of the key store type: "${LWM2M_TRUST_KEY_STORE_TYPE:JKS}" # Path to the key store that holds the X509 certificates - store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mserver.jks}" + store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mtruststorechain.jks}" # Password used to access the key store store_password: "${LWM2M_TRUST_KEY_STORE_PASSWORD:server_ks_password}" recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}" diff --git a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh deleted file mode 100644 index f68ca30005..0000000000 --- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh +++ /dev/null @@ -1,359 +0,0 @@ -#!/bin/sh -# -# Copyright © 2016-2021 The Thingsboard Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password - -#p) CLIENT_CN=$CLIENT_PREFIX00000000 -#s) client_start=0 -#f) client_finish=1 -#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 -#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 -#b) BOOTSTRAP_ALIAS=bootstrap -#d) SERVER_ALIAS=server -#j) SERVER_STORE=serverKeyStore.jks -#k) CLIENT_STORE=clientKeyStore.jks -#c) CLIENT_STORE_PWD=client_ks_password -#w) SERVER_STORE_PWD=server_ks_password -#l) ROOT_KEY_ALIAS=root_key_alias - -while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do - case "${flag}" in - p) client_pref=${OPTARG} ;; - s) client_start=${OPTARG} ;; - f) client_finish=${OPTARG} ;; - a) client_alias_pref=${OPTARG} ;; - e) client_self_alias_pref=${OPTARG} ;; - b) bootstrap_alias=${OPTARG} ;; - d) server_alias=${OPTARG} ;; - j) key_store_server_file=${OPTARG} ;; - k) key_store_client_file=${OPTARG} ;; - c) client_key_store_pwd=${OPTARG} ;; - w) server_key_store_pwd=${OPTARG} ;; - w) root_key_alias=${OPTARG} ;; - esac -done - -# cd to dir of script -script_dir=$(dirname $0) -echo "script_dir: $script_dir" -cd $script_dir -# source the properties: -. ./lwM2M_keygen.properties - -if [ -n "$client_pref" ]; then - CLIENT_PREFIX=$client_pref -fi - -if [ -z "$client_start" ]; then - client_start=0 -fi - -if [ -z "$client_finish" ]; then - client_finish=1 -fi - -if [ -n "$client_alias_pref" ]; then - CLIENT_ALIAS_PREFIX=$client_alias_pref -fi - -if [ -n "$client_self_alias_pref" ]; then - CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref -fi - -if [ -n "$bootstrap_alias" ]; then - BOOTSTRAP_ALIAS=$bootstrap_alias -fi - -if [ -n "$server_alias" ]; then - SERVER_ALIAS=$server_alias -fi - -if [ -n "$key_store_server_file" ]; then - SERVER_STORE=$key_store_server_file -fi - -if [ -n "$key_store_client_file" ]; then - CLIENT_STORE=$key_store_client_file -fi - -if [ -n "$client_key_store_pwd" ]; then - CLIENT_STORE_PWD=$client_key_store_pwd -fi - -if [ -n "$server_key_store_pwd" ]; then - SERVER_STORE_PWD=$server_key_store_pwd -fi - -if [ -n "$root_key_alias" ]; then - ROOT_KEY_ALIAS=$root_key_alias -fi - -CLIENT_NUMBER=$client_start - -echo "==Start==" -echo "CLIENT_PREFIX: $CLIENT_PREFIX" -echo "client_start: $client_start" -echo "client_finish: $client_finish" -echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" -echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" -echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" -echo "SERVER_ALIAS: $SERVER_ALIAS" -echo "SERVER_STORE: $SERVER_STORE" -echo "CLIENT_STORE: $CLIENT_STORE" -echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" -echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" -echo "CLIENT_NUMBER: $CLIENT_NUMBER" -echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" - -end_point() { - echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -client_alias_point() { - echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -client_self_alias_point() { - echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -# Generation of the keystore. -echo "${H0}====START========${RESET}" -echo "${H1}Server Keystore : ${RESET}" -echo "${H1}==================${RESET}" -echo "${H2}Creating the trusted root CA key and certificate...${RESET}" -# -keysize -# 1024 (when using -genkeypair) -keytool \ - -genkeypair \ - -alias $ROOT_KEY_ALIAS \ - -keyalg EC \ - -dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -echo -echo "${H2}Creating server key and self-signed certificate ...${RESET}" -keytool \ - -genkeypair \ - -alias $SERVER_ALIAS \ - -keyalg EC \ - -dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD -keytool \ - -exportcert \ - -alias $SERVER_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $SERVER_SELF_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -noprompt - -echo -echo "${H2}Creating server certificate signed by root CA...${RESET}" -keytool \ - -certreq \ - -alias $SERVER_ALIAS \ - -dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $SERVER_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -echo -echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" -keytool \ - -genkeypair \ - -alias $BOOTSTRAP_ALIAS \ - -keyalg EC \ - -dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD -keytool \ - -exportcert \ - -alias $BOOTSTRAP_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $BOOTSTRAP_SELF_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -noprompt - -echo -echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" -keytool \ - -certreq \ - -alias $BOOTSTRAP_ALIAS \ - -dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $BOOTSTRAP_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -if [ "$client_start" -lt "$client_finish" ]; then - echo - echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" - keytool \ - -exportcert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -fi - -cert_end_point() { - echo - echo "${H1}Client Keystore : ${RESET}" - echo "${H1}==================${RESET}" - echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" - keytool \ - -genkeypair \ - -alias $CLIENT_ALIAS \ - -keyalg EC \ - -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $CLIENT_STORE_PWD \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD - keytool \ - -exportcert \ - -alias $CLIENT_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD | - keytool \ - -importcert \ - -alias $CLIENT_SELF_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -# -# echo -# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" -# keytool \ -# -exportcert \ -# -alias $ROOT_KEY_ALIAS \ -# -keystore $SERVER_STORE \ -# -storepass $SERVER_STORE_PWD | -# keytool \ -# -importcert \ -# -alias $ROOT_KEY_ALIAS \ -# -keystore $CLIENT_STORE \ -# -storepass $CLIENT_STORE_PWD \ -# -noprompt -# - - echo - echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" - keytool \ - -certreq \ - -alias $CLIENT_ALIAS \ - -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $CLIENT_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -} - -if [ "$client_start" -lt "$client_finish" ]; then - echo - echo "==Start Client==" - while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do - echo "number $CLIENT_NUMBER" - echo "finish $client_finish" - CLIENT_CN=$(end_point) - CLIENT_ALIAS=$(client_alias_point) - CLIENT_SELF_ALIAS=$(client_self_alias_point) - echo "CLIENT_CN $CLIENT_CN" - echo "CLIENT_ALIAS $CLIENT_ALIAS" - echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" - cert_end_point - CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) - echo - done -fi - -echo -echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" -keytool \ - -importkeystore \ - -srckeystore $SERVER_STORE \ - -destkeystore $SERVER_STORE \ - -deststoretype pkcs12 \ - -srcstorepass $SERVER_STORE_PWD - -if [ "$client_start" -lt "$client_finish" ]; then - echo - echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" - keytool \ - -importkeystore \ - -srckeystore $CLIENT_STORE \ - -destkeystore $CLIENT_STORE \ - -deststoretype pkcs12 \ - -srcstorepass $CLIENT_STORE_PWD -fi diff --git a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties deleted file mode 100644 index 7b3cd9c09a..0000000000 --- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties +++ /dev/null @@ -1,57 +0,0 @@ -# -# Copyright © 2016-2017 The Thingsboard Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Keystore common parameters -ROOT_KEY_ALIAS=rootCA -DOMAIN_SUFFIX="$(hostname)" -ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" -ORGANIZATIONAL_UNIT=Thingsboard -ORGANIZATION=Thingsboard -CITY=SF -STATE_OR_PROVINCE=CA -TWO_LETTER_COUNTRY_CODE=US -VALIDITY=36500 #days -STORETYPE="JKS" - -#Server -SERVER_STORE=serverKeyStore1.jks -SERVER_STORE_PWD=server_ks_password1 -SERVER_ALIAS=server1 -SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" -SERVER_SELF_ALIAS=server_self_signed -SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" -BOOTSTRAP_ALIAS=bootstrap1 -BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" -BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed -BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" - -# Client -CLIENT_STORE=clientKeyStore1.jks -CLIENT_STORE_PWD=client_ks_password1 -CLIENT_ALIAS_PREFIX=client_alias_1 -CLIENT_PREFIX=LwX509___ -CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 -CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" - -# Color output stuff -red=`tput setaf 1` -green=`tput setaf 2` -blue=`tput setaf 4` -bold=`tput bold` -H0=${red}${bold} -H1=${green}${bold} -H2=${blue} -RESET=`tput sgr0` diff --git a/common/transport/lwm2m/src/main/resources/lwm2mserver.jks b/common/transport/lwm2m/src/main/resources/lwm2mserver.jks deleted file mode 100644 index 5fab824aa1b19928fe711701cd27857472a9e739..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3849 zcma))cQ738*2k5#+A3Kq(YqjRcL_F1L>K%-FB_t+8ZBy+V6l1$qW9jSCDF?Y!3rTn zi{2%y-eQ&O-nn(={o|c8bI#27d(QLB`OJZ#>BvZkNnvQ(b|B>)j0)z2hM1f<7fo9Y zK+{%S%Ox;0$@BlQNYnvn5|wLN0fr`K1ycWW3PeRrk{g7B1@*v$fK>kyub*ZGK<*M} z={8PCcFVlAro7urVR?jwWRj2)b!h^EQgg>cnZ9_dBi7mrZl=C^`YJ^4Mwty}WZR0C zPQ-gm(fzX0-@T*x|zp44h)t@B? zY_f0D4EtZp_rA=3XLiAL`ZT!(KOmt+Y}|5c=e|dC*|5v*ja6N;P!Fd-Q7Q`#tIifw z(8tq0NuqRgD873qAUK+6Kh@$e%9I-Z1jhRBy(uAZS`HAA8xe}=6_MxPGmQH`CL zotg#=i4W;>Ob9Ot&9k&?^5MQpmW7E%3N-Utl0R8PkN5qGa#;OUfqhDFrT-=XfkQaJ zL>5HO*WrGR$^9CWIg!hMxBOp_9z7I+p+O4&CP@y=MT11IB{&H&(RI1=ABXsVt_t|~ zt6F7ER@7MOM!a^#FN=&4yAoJB+5Uko5KX-c!%Mvx8ue-o@|Y8>V=p&sOo11EWwN|r zj`X=_(lIw_*u>$y#?99EnlxHCuJ1sFLi1tvjUxeaUwu%Hl}w(?Dc^mU%SF|OSmTo$&6>m_Hq&%@zRJN|j9z8-8ugmY(5pMw@S`gcpZV=*L=9&ZUr;wmRYs&KNw`qCPGcvsC`=$Kz5GHI9WLoGw?Rut|#MUOiLQvr2Z(+2bYV11c z?0JoX3+wRi$WadS8;I!G-}+8!AOZGAbWTc7{bpo(e5Lu_>f?`7kwSeU8sn+o#A3sI z5-twp+FSDY{;;v0?ZD%O^1KPYTCyu89Yv+yHH>+IcG}B2(XMjCRET{#$TkpGm<8|PpkIa zD*_wKhsF8tT6RD&?TTM^|3oRL-r;Ept2LYEz2|9%Tz1f4HR%KyGbjuHvZYaamfdiV z3D7b;@!%7x>zUhWsL36>6fcQgztN^p{rFiZHSf5vuwEFv@N# zQsFQ1@GoT*tO=Y3d$HMnZ1dTWiu9>9sNgUCCT&|E$FbG<44A4nWxQ?#lDM+Yie>d#EuLBauH zgj`MgEeG3#g+(rB58z~09U}TZ^@KjTMJ{Z5Wf_|>cN!_>G8hKEME;U9#mWW+5p=7g zT!-Zd6RC@Vq;ky+gUOxNM`U>7txb`IXl0DKl*O3QI|dVX`cI=nH&ov~UMVN9OobR58$-80m8T zWl`BdzdWZD$+^mJt|o>kD>LW8?e5PxA#}$1{=UT-RZ!1Ct+5!m{)91j7okSnTprCT zK=bKzJXyyvx=#(b>FIHyj()0>;ANv&;! z_)RJh?TOP-HIA&P@SxIw=16K0(3L11dtqYXr?gq)J2$hP)`4E`FOK~bhZpr(x#2>y zgk-q=JjTO$WVI+I_LIF-V!g&ACh?~3F!J2>6kYRBf64(AH2+VivIo&k^Wi0cL8~8~ zmaDIDy-~ECGu@X(6e|)G(X(mx3v_F-^rO^YOuK4>54u$@azF6?Fos9Lx!z%Wf#N~> zoD=JI-ziyZoi_Uo?Sy_Md0l<|u%;DtG3;62{-I8vGksE5Y94yFNwLrjPN_h8e*581bHb7nwR+aY6P{HsoGZ5L=5H5JXoh`OiQjUo#Sc+9f95VHpu2m zm6|V?j@f`ZNng6BSyMq7k_j)je*_PO$gO9%>vW}ltSSPOY1ufO21C!&gp@rF%?e+h z*h)E9E@x$p#Dt=i)?Um^5?U!3AQGUeoYl7M(g-|0I^EQ(RllS){vVv)h$7II3}< zj>%Xa|CyE;(o*qC9(NgOj4ep@vHmyar-`uk>i1as`YKSHtw+qjP@`<>qf@X zfTW)6A~531(u>h(bzlX}hZCf}Znqcdl8lgAN;yxlq$!m9&ku@FVUYUfk!~Bjqz9Q7 zto$}nueJm{J%+3&+i5>TyyND`jM#sjR4|qyeL^~Vl`mA_Zy&K;MLXE}OF;ZeFg|-= zX4x}dOuK+Txf9nIVc)YN`=;yh{H@_SM{y!rPMt1xig;>~Dv-n?U%{(yPB(K>H!#ez z(7FIN1#uU{+U!-hxM1n$`~AZ86Cu;%-pzgThH?{Phyr^dHQyz;K}wFKPN9-4pD>4? z-rk?Qb5xiQ7g)w71ej~P#U;BeFikx&RlWYLTauoB%CTaJes~Q_tLU5n+p9v*e4A1E zz8OOHyym7|?nI;Hm*BIGiXqXmO_|~vx&Hi30X*fhvaD?RnFJM=Qta0q-x7vy!}qSlED(*#K$qn3=IqHN>esF#h$G|Z4A|GJ5aLqx9cXDwzfOk%8Tcquhv#>mBpUu z;r6Q07B#4S9v;mZ!nT9)3R{t0>2@Q%@V54d@-ur5$lNlyG-EH|%aSeOe9c(D6T>OU zXNylOO|Qd@%pJcUL6FOH(>$xw#NK8*#4(|;Wq~M zBa!vg_V^_ehS&qEo=%pXEyZvtT5n;dtmU`@pHXx1xHUnMwho64x17)eu7Ia<8o1FS zG4;M6<%J7g^a@NZQCw?rhWx3fa?Dl2qy7fmp2b;WI)h%%ot>y1MPYKP%u^vvrNteFCnDCe=`Sj#KteNow|(Q8d;a)JZhpYqoePcLA7QTAM`SCA~<_BDhA#= zMtKeSANuU+M){zwq9(y=5#Q9!z;SDYuQd#SOYQk9lPQAvn0IEpVUtsPgD&~X!($WB zM+Tl9rQCa)Xa3!Dg+{7duIhE(?=R-A9t^I0&QeFVdwLwQ_$2Jri4s59;$3~TP;|am zn!9z;+C22g(CJHg2+CK5n03Cns4;wzsrPV;+2#qUgnRPjOV@kO%|9o(RqHFx3u6U0 zos!a*#sD7?R9dIa8X%cMHn(@6sU{WE48Pb3*5id4tQ2FO7X9Iq{Iz#fI~&b#_6n(! zg{#6bH|=tob*20lMhkP86* b(C|b)G3l|ClS0(tPLrtJO%hUKOzz(RVYoVD diff --git a/pom.xml b/pom.xml index c06960c6ca..9dd8c043b2 100755 --- a/pom.xml +++ b/pom.xml @@ -403,39 +403,9 @@ false - - ../common/transport/lwm2m/src/main/resources - - **/*.xml - **/*.jks - - false - - - - - - copy-lwm2m-resources - ${pkg.process-resources.phase} - - copy-resources - - - ../transport/lwm2m/src/main/data - - - ../common/transport/lwm2m/src/main/resources - - **/*.xml - **/*.jks - - false - - - copy-docker-config ${pkg.process-resources.phase} @@ -829,10 +799,6 @@ **/*.proto.js docker/haproxy/** docker/tb-node/** - src/main/resources/models/*.xml - src/main/resources/credentials/*.jks - src/main/resources/credentials/shell/*.jks - src/main/resources/credentials/shell/*.jks.old ui/** src/.browserslistrc **/yarn.lock diff --git a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh deleted file mode 100755 index d623bfad42..0000000000 --- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh +++ /dev/null @@ -1,360 +0,0 @@ -#!/bin/sh -# -# Copyright © 2016-2021 The Thingsboard Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password - -#p) CLIENT_CN=$CLIENT_PREFIX00000000 -#s) client_start=0 -#f) client_finish=1 -#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 -#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 -#b) BOOTSTRAP_ALIAS=bootstrap -#d) SERVER_ALIAS=server -#j) SERVER_STORE=serverKeyStore.jks -#k) CLIENT_STORE=clientKeyStore.jks -#c) CLIENT_STORE_PWD=client_ks_password -#w) SERVER_STORE_PWD=server_ks_password -#l) ROOT_KEY_ALIAS=root_key_alias - -while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do - case "${flag}" in - p) client_pref=${OPTARG} ;; - s) client_start=${OPTARG} ;; - f) client_finish=${OPTARG} ;; - a) client_alias_pref=${OPTARG} ;; - e) client_self_alias_pref=${OPTARG} ;; - b) bootstrap_alias=${OPTARG} ;; - d) server_alias=${OPTARG} ;; - j) key_store_server_file=${OPTARG} ;; - k) key_store_client_file=${OPTARG} ;; - c) client_key_store_pwd=${OPTARG} ;; - w) server_key_store_pwd=${OPTARG} ;; - w) root_key_alias=${OPTARG} ;; - esac -done - -# cd to dir of script -script_dir=$(dirname $0) -echo "script_dir: $script_dir" -cd $script_dir -# source the properties: -. ./lwM2M_keygen.properties - -if [ -n "$client_pref" ]; then - CLIENT_PREFIX=$client_pref -fi - -if [ -z "$client_start" ]; then - client_start=0 -fi - -if [ -z "$client_finish" ]; then - client_finish=1 -fi - -if [ -n "$client_alias_pref" ]; then - CLIENT_ALIAS_PREFIX=$client_alias_pref -fi - -if [ -n "$client_self_alias_pref" ]; then - CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref -fi - -if [ -n "$bootstrap_alias" ]; then - BOOTSTRAP_ALIAS=$bootstrap_alias -fi - -if [ -n "$server_alias" ]; then - SERVER_ALIAS=$server_alias -fi - -if [ -n "$key_store_server_file" ]; then - SERVER_STORE=$key_store_server_file -fi - -if [ -n "$key_store_client_file" ]; then - CLIENT_STORE=$key_store_client_file -fi - -if [ -n "$client_key_store_pwd" ]; then - CLIENT_STORE_PWD=$client_key_store_pwd -fi - -if [ -n "$server_key_store_pwd" ]; then - SERVER_STORE_PWD=$server_key_store_pwd -fi - -if [ -n "$root_key_alias" ]; then - ROOT_KEY_ALIAS=$root_key_alias -fi - -CLIENT_NUMBER=$client_start - -echo "==Start==" -echo "CLIENT_PREFIX: $CLIENT_PREFIX" -echo "client_start: $client_start" -echo "client_finish: $client_finish" -echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" -echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" -echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" -echo "SERVER_ALIAS: $SERVER_ALIAS" -echo "SERVER_STORE: $SERVER_STORE" -echo "CLIENT_STORE: $CLIENT_STORE" -echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" -echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" -echo "CLIENT_NUMBER: $CLIENT_NUMBER" -echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" - -end_point() { - echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -client_alias_point() { - echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -client_self_alias_point() { - echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" -} - -# Generation of the keystore. -echo "${H0}====START========${RESET}" -echo "${H1}Server Keystore : ${RESET}" -echo "${H1}==================${RESET}" -echo "${H2}Creating the trusted root CA key and certificate...${RESET}" -# -keysize -# 1024 (when using -genkeypair) -keytool \ - -genkeypair \ - -alias $ROOT_KEY_ALIAS \ - -keyalg EC \ - -dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -echo -echo "${H2}Creating server key and self-signed certificate ...${RESET}" -keytool \ - -genkeypair \ - -alias $SERVER_ALIAS \ - -keyalg EC \ - -dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD -keytool \ - -exportcert \ - -alias $SERVER_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $SERVER_SELF_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -noprompt - -echo -echo "${H2}Creating server certificate signed by root CA...${RESET}" -keytool \ - -certreq \ - -alias $SERVER_ALIAS \ - -dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $SERVER_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -echo -echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" -keytool \ - -genkeypair \ - -alias $BOOTSTRAP_ALIAS \ - -keyalg EC \ - -dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $SERVER_STORE_PWD \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD -keytool \ - -exportcert \ - -alias $BOOTSTRAP_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $BOOTSTRAP_SELF_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -noprompt - -echo -echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" -keytool \ - -certreq \ - -alias $BOOTSTRAP_ALIAS \ - -dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $BOOTSTRAP_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD - -if [ "$client_start" -lt "$client_finish" ]; then - echo - echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" - keytool \ - -exportcert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD | - keytool \ - -importcert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -fi - -cert_end_point() { - echo - echo "${H1}Client Keystore : ${RESET}" - echo "${H1}==================${RESET}" - echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" - keytool \ - -genkeypair \ - -alias $CLIENT_ALIAS \ - -keyalg EC \ - -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -validity $VALIDITY \ - -storetype $STORETYPE \ - -keypass $CLIENT_STORE_PWD \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD - keytool \ - -exportcert \ - -alias $CLIENT_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD | - keytool \ - -importcert \ - -alias $CLIENT_SELF_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -# -# echo -# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" -# keytool \ -# -exportcert \ -# -alias $ROOT_KEY_ALIAS \ -# -keystore $SERVER_STORE \ -# -storepass $SERVER_STORE_PWD | -# keytool \ -# -importcert \ -# -alias $ROOT_KEY_ALIAS \ -# -keystore $CLIENT_STORE \ -# -storepass $CLIENT_STORE_PWD \ -# -noprompt -# - - echo - echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" - keytool \ - -certreq \ - -alias $CLIENT_ALIAS \ - -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD | - keytool \ - -gencert \ - -alias $ROOT_KEY_ALIAS \ - -keystore $SERVER_STORE \ - -storepass $SERVER_STORE_PWD \ - -storetype $STORETYPE \ - -validity $VALIDITY | - keytool \ - -importcert \ - -alias $CLIENT_ALIAS \ - -keystore $CLIENT_STORE \ - -storepass $CLIENT_STORE_PWD \ - -noprompt -} - -if [ "$client_start" -lt "$client_finish" ]; then - - echo - echo "==Start Client==" - while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do - echo "number $CLIENT_NUMBER" - echo "finish $client_finish" - CLIENT_CN=$(end_point) - CLIENT_ALIAS=$(client_alias_point) - CLIENT_SELF_ALIAS=$(client_self_alias_point) - echo "CLIENT_CN $CLIENT_CN" - echo "CLIENT_ALIAS $CLIENT_ALIAS" - echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" - cert_end_point - CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) - echo - done -fi - -echo -echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" -keytool \ - -importkeystore \ - -srckeystore $SERVER_STORE \ - -destkeystore $SERVER_STORE \ - -deststoretype pkcs12 \ - -srcstorepass $SERVER_STORE_PWD - -if [ "$client_start" -lt "$client_finish" ]; then - echo - echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" - keytool \ - -importkeystore \ - -srckeystore $CLIENT_STORE \ - -destkeystore $CLIENT_STORE \ - -deststoretype pkcs12 \ - -srcstorepass $CLIENT_STORE_PWD -fi diff --git a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties deleted file mode 100644 index 7b3cd9c09a..0000000000 --- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties +++ /dev/null @@ -1,57 +0,0 @@ -# -# Copyright © 2016-2017 The Thingsboard Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Keystore common parameters -ROOT_KEY_ALIAS=rootCA -DOMAIN_SUFFIX="$(hostname)" -ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" -ORGANIZATIONAL_UNIT=Thingsboard -ORGANIZATION=Thingsboard -CITY=SF -STATE_OR_PROVINCE=CA -TWO_LETTER_COUNTRY_CODE=US -VALIDITY=36500 #days -STORETYPE="JKS" - -#Server -SERVER_STORE=serverKeyStore1.jks -SERVER_STORE_PWD=server_ks_password1 -SERVER_ALIAS=server1 -SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" -SERVER_SELF_ALIAS=server_self_signed -SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" -BOOTSTRAP_ALIAS=bootstrap1 -BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" -BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed -BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" - -# Client -CLIENT_STORE=clientKeyStore1.jks -CLIENT_STORE_PWD=client_ks_password1 -CLIENT_ALIAS_PREFIX=client_alias_1 -CLIENT_PREFIX=LwX509___ -CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 -CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" - -# Color output stuff -red=`tput setaf 1` -green=`tput setaf 2` -blue=`tput setaf 4` -bold=`tput bold` -H0=${red}${bold} -H1=${green}${bold} -H2=${blue} -RESET=`tput sgr0` diff --git a/transport/lwm2m/src/main/data/lwm2mserver.jks b/transport/lwm2m/src/main/data/lwm2mserver.jks deleted file mode 100644 index 301f4e2c3ab90931eb166859e71b2c443fa35660..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4017 zcma)*cQ738_Qu!hy+@5+mMFVci!OQ(Ru@88A)>4{pTw>8WLbx+&DOH1S~;8^DpsgG!GdY z>bxuFM@5tx2x4L$wo`v?YwdnIkQ6X<3iSJ|Xw;7&h--}qD$ zQ~2h9rQ~C23WDC>R1dZ5-ZZitUSa*UVY?J?FQn)=DZ1bwV4jy&98YXFo`uT>Io>i1 z3)bUUT$kWc>@XsSD>Mpld78KRDiWj)AzEObfB&1B4Z^@j2M7Xq0uX@Ezn@^i|CsC$ zHZm5N_d`zsh$2+^svruGo63q;cm)4nczUunqrQImX*6B#lqu8qaZx2&NBUoQnpzT{ z-sg^6Qsr2=Uz8f6Hy7&}cb#9X=F3nr{zyQ;%^h3LNgpuLrc7`l{Zsya!l`kr4J6TA zJ-$L;vibOtt;~DgpO5CW52{#RcH;YqQ;Q68a46L^wU``h_$SWQ+3La@*c+mv`CK6$ zr#!DI)B(uX_C+$_X|G*X-PnQ=x5lT6yW!n#(8+V>*kP$YbbGW2M zY`JSn1!lPnC%rz0KXj$tiHaZ-rCQ6K3a2KSu>qUi-?4lMG-H^q^2+gIc@h~ZEj;5H`o}^6#-c!3Pld4t8f=Q+ml`~WoEwEH!t8EYG zH{SLO_bm9+D)v&KvU3mdwW}#E-6dOnDz zf}M_Ghpm(G@WUsZ=d@VYiE(uzQH8-;7{^&@bMAL~!tp*h$B=_lam1IWlZOjB))1g5 zCituA$^0$PT%y8q@9g1s>O3Xa9WmC{zWO7Lpi?4uWpTwTlGV$)rrIa72(oQPr~Zl? z88;ON{d!^<1C3a6h?_2k>^xeVZAc$r0hW8kgtVWYYK3*;V}DnGLC37Pj;LnMxh~Bs z8OwuKh^{xsN{`KLI_+Z2M9jqo546(N68BPbHr&-c;jmElOLuXJH);8UfDTiXx-k>S zgX5MPGR(+UVIiXs9K*9A;l27EdV%rnrvNAEg=I!qSzB!sEq$cA=pDp)YKHEU4d%_H z=kaTCRfbfYJH|80Iv*d?$ zvPqfyhU~s{{G>`jY2qn>To&%TP_FLv5kkn*I*UUM>yaf5k^2E{(aRbdzGm%Bpo*y>=F%-bmOhqj{1& zniV=XQj}IPk4@Ksn}3D;^&$g+7i@UOLeS^-{B@)n=lL9_=R5?bxlTu7>(s8(ZfRqh z7B1>cn)Y5{4^)BciAl{&u&zGOM~6!$N1yzayJ0F%__4fiDOT2FafWI9@*prZ6vSuU z&1i{Dky3n`T7F+oVLgncYcj|pY;3frI_uBc&qpzy~wK$+`g^>knAZ7Sq-L1mb9%|^7NLsI59H!oU<9fMka z7bf{wl_4z1@}ggjb>zMHgSr$9T_~clx3BB|Tfy}rH_!+Nt=rH7UV+;?>Sd?I%{R&E z%2pFClVKJz1N0fLstR5<*9tndby?cyZOn`Ye3ZYP%=tdIhF;E)N%ND7A=?FMx@KTz z;7@>(AvEL%Aw7?um8kn?mYZLflKl06Mtxs#3V+1OodlxFU68(g>auTu^Dy^Gnh?^N zKZAaDushoHe0MZXNld_Q3>^d`F7@pNkOWkBgSxu2^LCy0w`F697PK4_sOs4Y{3IX+?=-|<<<%E}x41@6qpZ^fnM*EQlQ4|dU| zlI|#ywY>%oe`k%Pl+Dh9AX5UxO+*UJ+Ju6y}u9P;qnzkm_i z*?R!4Z-*I*9S{H5Sl_7)%-vU;H#|+OX50(+<>z8u1U);E-F?TMv;Fy1g5v?xSd&gJ z5s{Sb(bBq;(sJklwrDWv_f) zu^7y1;C?zLwU#7bP=w3jnU9-@Q%mGI=%5UJ&RK!xJoNbSKH0H4XxCd})9??#JR#k2 zRXem*o7YDBHZDpDedj!xK>G|F&7Z10n{0D=L0UAVg6z%z8D%*&3Vth-p{mz+O`mon z`3M~cmFFu8kS6kNY30n7*OdevPn><+8|}4rnv1oAI8c&`HsGeki#S9~Qs@ctgIZYHU|~TA%?^At1ut1<21KzVq_yK%z+G-4U)x7Vz**?xn!`grLZ@Ut;8{c|WrT zY(9Twipqj%f2*V%^Kg2UTX%hNT3rS9cp*Vw-J$v11LSPp%fryPQaJT+?AxF$JTmkp zpN#RHE~pKYdy7FGW7JzmRTQS>WOW|$SY?T(0Vzcs;_sm)zk`Kbi<4O|LudGZK+Hc_ z6`0KF7qiGh2gve12#=sDsdC-;#0c!;)z2@NYwIG<;Y;`X?P&9g-l07qQ|E`kM<+9x z+nEjC(iZM65xY8c{VjHQ$3!vwAsTbUEaJw^)>8cQPy1Tba437A1Z>ZmEZh9>2+=#H zblrrGPzvZ~t#DCG+kcbJyZ*sm2_f$})7HxDF>{P_t}Wo2C=}TJU<0Iyu>D{@Z3fh6 zJ68Hjx5uJ-7?xs?Uuz%`(vRWr+m#NkBnFxm;N*6C;x4J0RUD;?n!QKAp=RI@k|r;! z=H5wg77q!VX1FK0CFZPM2(ZOIeDdRxj-y4>7JMAL7`9mMwKo}LV4)*JNTWjI&yRSa#`%`u&SNfBJ5<6ztqPz)H9ryOd6_Bv5bm@?SBnk zj_r0RJt*yS8cp9_drSa*@G-6}7@u83*VxA@x3H7#W=3s{i%f!d?|=()Wgp+X97#<^LzVF z8Jv3@vE_LA2yg8EtGI)q+-uhEg`U)bE`268udc>ru@#^s0jP>0WH5r3tDPg5fQ?4= z_Dp2=}z<1T1{g*SkZhM_Ynq*M_;FdNyJF`X1DfVniDgqzIZE^X^ zW|xLuc{_r3cb)QhxPd>X-p+VOkwhQ!d7H(U-=*&~@FiRn)j`Wp-e6_Njng|1l7Cmf zQq}esujWhJVy3!b?B_4C^euiYaywH+tBj!)?Qdl7SQv=y>_EcmJ&)($gmS8lwXvXXnBU0hY!f3rs1Kk4VL{xhN7-_^U7 ziS=#Fk-*Ot5>0#Nqv6LeL(!#83lJzV08ae$*bX*!|nv*>3 z=G#*9O-@G#2C6nOBj4hH?Dl`%$iZoh{#Y&xfFPhqW+k3M_IXrI3oaocSKRFWZ48&e z1ZF?e)aW?oSD;nBE!0&ndh(`SvnE%}cIE6eY5haknFsHI#}>Lxl)-+j|0j(x6%#ww zX;i+8$yhsDE`OK%EdfNNRnveab@tsFax#quNg1mg3X%xO39-H~+^4HR7KLeL_AeE- zo=s7%WHm)ZDM`qx^CTN?nR-~^OX`|YGRYzgDr^I-;!v#+=p~&P@wwZ@C(_9zF6DX)N{0 zJU_iwMEeAHvLLppJJ%uXjZ|$+SoBkh|EV^;wrbfB$tCi6M0YGNb5~Mm@r3t(a~*?AFgmX=Ec24(s2jDV+%@RaAPyFy~}iN@3#Yk zSQAn2Eye4=@)8LbHp9>Ho9|ONV;KkDs|r4u(wn&c{1N<4;}DgmuLy*^G>)Zmsy{G5 z_E>DP#=Z;B*jyfhFwOQ))L@To{KT21_+jA^tN|7TQ&W)NU?2r@lLN@uB*ok-_9H)F sw$v0r^7aQ>K?WP?WNbchVoVQMhCamwb{7rH3S-Ph2>d`&lEkvV0juF-*#H0l diff --git a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml index 631968ad35..d7513bdf1f 100644 --- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml +++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml @@ -114,7 +114,7 @@ transport: # Server X509 Certificates support credentials: # Whether to enable LWM2M server X509 Certificate/RPK support - enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}" # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}" # PEM server credentials @@ -150,7 +150,7 @@ transport: # Bootstrap server X509 Certificates support credentials: # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support - enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}" # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}" # PEM server credentials @@ -177,19 +177,19 @@ transport: # X509 trust certificates trust-credentials: # Whether to load X509 trust certificates - enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}" + enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}" # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore) type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}" # PEM certificates pem: # Path to the certificates file (holds trust certificates) - cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mserver.pem}" + cert_file: "${LWM2M_TRUST_PEM_CERT:lwm2mtruststorechain.pem}" # Keystore with trust certificates keystore: # Type of the key store type: "${LWM2M_TRUST_KEY_STORE_TYPE:JKS}" # Path to the key store that holds the X509 certificates - store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mserver.jks}" + store_file: "${LWM2M_TRUST_KEY_STORE:lwm2mtruststorechain.jks}" # Password used to access the key store store_password: "${LWM2M_TRUST_KEY_STORE_PASSWORD:server_ks_password}" recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}" From ec602248c0cc22da1461e50176fdbca2ebf75519 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 5 Jan 2022 16:28:37 +0200 Subject: [PATCH 02/16] lwm2m validate trust certs --- .../TbLwM2MDtlsCertificateVerifier.java | 50 ++++++++++--------- .../config/ssl/AbstractSslCredentials.java | 26 +++++++--- 2 files changed, 47 insertions(+), 29 deletions(-) diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index bae7522c78..babf385bc8 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -50,13 +50,22 @@ import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore; import javax.annotation.PostConstruct; import javax.security.auth.x500.X500Principal; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; import java.security.cert.CertificateNotYetValidException; +import java.security.cert.PKIXParameters; +import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Arrays; +import java.util.Collections; import java.util.List; import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT; @@ -119,8 +128,8 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer TbLwM2MSecurityInfo securityInfo = null; // verify if trust - if (config.getTrustSslCredentials().getTrustedCertificates().length > 0) { - if (verifyIssuer(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { + if (config.getTrustSslCredentials() != null && config.getTrustSslCredentials().getTrustedCertificates().length > 0) { + if (verifyTrust(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN"); securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, CLIENT) : null; } @@ -193,31 +202,26 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer } - private X509Certificate verifyIssuer(X509Certificate certificate, X509Certificate[] certificates) { - String issuerCN = config.getTrustSslCredentials().getValueFromSubjectNameByKey(certificate.getIssuerX500Principal().getName(), "CN"); - if (!StringUtils.isBlank(issuerCN)) { + private X509Certificate verifyTrust(X509Certificate certificate, X509Certificate[] certificates) { + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath cp = cf.generateCertPath(Arrays.asList(new X509Certificate[]{certificate})); for (int index = 0; index < certificates.length; ++index) { - X509Certificate trust = certificates[index]; - String trustCN = config.getTrustSslCredentials().getValueFromSubjectNameByKey(trust.getSubjectX500Principal().getName(), "CN"); - if (!StringUtils.isBlank(trustCN) && issuerCN.length() >= trustCN.length() && issuerCN.substring(issuerCN.length()-trustCN.length()).equals(trustCN)) { - if (verifyCertificate(certificate)) { - return certificate; - } + X509Certificate caCert = certificates[index]; + try { + TrustAnchor trustAnchor = new TrustAnchor(caCert, null); + CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); + PKIXParameters pkixParams = new PKIXParameters( + Collections.singleton(trustAnchor)); + pkixParams.setRevocationEnabled(false); + if (cpv.validate(cp, pkixParams) != null) return certificate; + } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException e) { + log.trace("[{}]. [{}]", certificate.getSubjectDN(), e.getMessage()); } } + } catch (CertificateException e) { + log.trace("[{}] certPath not valid. [{}]", certificate.getSubjectDN(), e.getMessage()); } return null; } - - private static boolean verifyCertificate(X509Certificate certificate) { - try { - // date - certificate.checkValidity(); - // Validate X509. - SecurityUtil.certificate.decode(certificate.getEncoded()); - return true; - } catch (Exception e) { - return false; - } - } } diff --git a/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/config/ssl/AbstractSslCredentials.java b/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/config/ssl/AbstractSslCredentials.java index 01b7242805..3170aea9a2 100644 --- a/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/config/ssl/AbstractSslCredentials.java +++ b/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/config/ssl/AbstractSslCredentials.java @@ -61,7 +61,7 @@ public abstract class AbstractSslCredentials implements SslCredentials { this.keyPasswordArray = keyPassword.toCharArray(); } this.keyStore = this.loadKeyStore(trustsOnly, this.keyPasswordArray); - Set trustedCerts = getTrustedCerts(this.keyStore); + Set trustedCerts = getTrustedCerts(this.keyStore, trustsOnly); this.trusts = trustedCerts.toArray(new X509Certificate[0]); if (!trustsOnly) { PrivateKeyEntry privateKeyEntry = null; @@ -179,7 +179,7 @@ public abstract class AbstractSslCredentials implements SslCredentials { return entry; } - private static Set getTrustedCerts(KeyStore ks) { + private static Set getTrustedCerts(KeyStore ks, boolean trustsOnly) { Set set = new HashSet<>(); try { for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { @@ -187,19 +187,33 @@ public abstract class AbstractSslCredentials implements SslCredentials { if (ks.isCertificateEntry(alias)) { Certificate cert = ks.getCertificate(alias); if (cert instanceof X509Certificate) { - set.add((X509Certificate)cert); + if (trustsOnly) { + // is CA certificate + if (((X509Certificate) cert).getBasicConstraints()>=0) { + set.add((X509Certificate) cert); + } + } else { + set.add((X509Certificate) cert); + } } } else if (ks.isKeyEntry(alias)) { Certificate[] certs = ks.getCertificateChain(alias); if ((certs != null) && (certs.length > 0) && (certs[0] instanceof X509Certificate)) { - set.add((X509Certificate)certs[0]); + if (trustsOnly) { + for (Certificate cert : certs) { + // is CA certificate + if (((X509Certificate) cert).getBasicConstraints()>=0) { + set.add((X509Certificate) cert); + } + } + } else { + set.add((X509Certificate)certs[0]); + } } } } } catch (KeyStoreException ignored) {} return Collections.unmodifiableSet(set); } - - } From e5e79a22f6e5ac0ae48634a77b67a841c61346f8 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 5 Jan 2022 18:11:34 +0200 Subject: [PATCH 03/16] lwm2m tests with credentials RPK and X509 - ignore --- .../security/sql/RpkLwM2MIntegrationTest.java | 2 ++ .../sql/X509_NoTrustLwM2MIntegrationTest.java | 2 ++ .../sql/X509_TrustLwM2MIntegrationTest.java | 2 ++ .../resources/application-test.properties | 34 +++++++++---------- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index 9e74beaa6b..87ca415bd0 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; +import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -29,6 +30,7 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { + @Ignore @Test public void testConnectWithRPKAndObserveTelemetry() throws Exception { RPKClientCredential rpkClientCredentials = new RPKClientCredential(); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java index f55c21dcc2..d1bc813b50 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; +import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential; import org.thingsboard.server.common.transport.util.SslUtil; @@ -28,6 +29,7 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { + @Ignore @Test public void testConnectWithCertAndObserveTelemetry() throws Exception { X509ClientCredential credentials = new X509ClientCredential(); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java index 32d176d598..7c5e48a4b7 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; +import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -27,6 +28,7 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { + @Ignore @Test public void testConnectAndObserveTelemetry() throws Exception { X509ClientCredential credentials = new X509ClientCredential(); diff --git a/application/src/test/resources/application-test.properties b/application/src/test/resources/application-test.properties index 651b00ed67..856745797a 100644 --- a/application/src/test/resources/application-test.properties +++ b/application/src/test/resources/application-test.properties @@ -1,20 +1,20 @@ -transport.lwm2m.server.security.credentials.enabled=true -transport.lwm2m.server.security.credentials.type=KEYSTORE -transport.lwm2m.server.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks -transport.lwm2m.server.security.credentials.keystore.store_password=server -transport.lwm2m.server.security.credentials.keystore.key_alias=server -transport.lwm2m.server.security.credentials.keystore.key_password=server -transport.lwm2m.bootstrap.enabled=false -transport.lwm2m.bootstrap.security.credentials.enabled=true -transport.lwm2m.bootstrap.security.credentials.type=KEYSTORE -transport.lwm2m.bootstrap.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks -transport.lwm2m.bootstrap.security.credentials.keystore.store_password=server -transport.lwm2m.bootstrap.security.credentials.keystore.key_alias=server -transport.lwm2m.bootstrap.security.credentials.keystore.key_password=server -transport.lwm2m.security.trust-credentials.enabled=true -transport.lwm2m.security.trust-credentials.type=KEYSTORE -transport.lwm2m.security.trust-credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks -transport.lwm2m.security.trust-credentials.keystore.store_password=server +#transport.lwm2m.server.security.credentials.enabled=true +#transport.lwm2m.server.security.credentials.type=KEYSTORE +#transport.lwm2m.server.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +#transport.lwm2m.server.security.credentials.keystore.store_password=server +#transport.lwm2m.server.security.credentials.keystore.key_alias=server +#transport.lwm2m.server.security.credentials.keystore.key_password=server +#transport.lwm2m.bootstrap.enabled=false +#transport.lwm2m.bootstrap.security.credentials.enabled=true +#transport.lwm2m.bootstrap.security.credentials.type=KEYSTORE +#transport.lwm2m.bootstrap.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +#transport.lwm2m.bootstrap.security.credentials.keystore.store_password=server +#transport.lwm2m.bootstrap.security.credentials.keystore.key_alias=server +#transport.lwm2m.bootstrap.security.credentials.keystore.key_password=server +#transport.lwm2m.security.trust-credentials.enabled=true +#transport.lwm2m.security.trust-credentials.type=KEYSTORE +#transport.lwm2m.security.trust-credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +#transport.lwm2m.security.trust-credentials.keystore.store_password=server edges.enabled=true edges.storage.no_read_records_sleep=500 From 367afebfd6ce4508631db1d69eaea8281c276278 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 5 Jan 2022 17:47:01 +0200 Subject: [PATCH 04/16] lwm2m add to test shell credentials --- ...cfssl_chain_trusts_and_clients_for_test.sh | 299 ++++++++++++++++++ .../shell/lwm2m_cfssl_chain_for_test_All.sh | 65 ++++ .../lwm2m_cfssl_chain_server_for_test.sh | 298 +++++++++++++++++ 3 files changed, 662 insertions(+) create mode 100755 application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh create mode 100755 application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh create mode 100755 application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh b/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh new file mode 100755 index 0000000000..26f47266a7 --- /dev/null +++ b/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_trusts_and_clients_for_test.sh @@ -0,0 +1,299 @@ +#!/usr/bin/env bash + +# Change working directory +cd -- "$( + dirname "${0}" +)" || exit 1 + +readonly TRUST_PATH="Trust" +readonly CA_ROOT_CERT_KEY="ca-root" +readonly CA_ROOT_ALIAS="root" +readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" +CA_INTERMEDIATE_START=0 +CA_INTERMEDIATE_FINISH=2 +CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} +CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} +CA_LIST_CERT_FOR_CAT="" +readonly CA_TRUST_STORE_ALL_CHAIN="lwm2mtruststorechain" +readonly CA_TRUST_STORE_PWD="server_ks_password" +readonly CA_TRUST_CERT_ALIAS="root" +readonly CA_TRUST_CERT_CHAIN_JKS="lwm2mtruststorechain" +readonly CA_TRUST_STORE_CHAIN_ALIAS="trust_cert_chain_alias" + +readonly CLIENT_PATH="Client" +readonly CLIENT_JKS_FOR_TEST="lwm2mclient" +readonly CLIENT_CERT_KEY_PREF="LwX509" +readonly CLIENT_CERT_ALIAS_PREF="client_alias_" +readonly CLIENT_STORE_PWD="client_ks_password" +readonly CLIENT_HOST_NAME="thingsboard_test.io" +CLIENT_START=0 +CLIENT_FINISH=1 +CLIENT_NUMBER=${CLIENT_START} + +SERVER_HOST_NAME="localhost.localdomain" +SERVER_LOCAL_HOST_NAME="localhost" +SERVER_PUBLIC_HOST_NAMES="-" + +readonly CF_COMMANDS=" + cfssl + cfssljson +" + +if [ ! -z "$1" ]; then + CA_INTERMEDIATE_START=$1 + CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} +fi + +if [ ! -z "$2" ]; then + CA_INTERMEDIATE_FINISH=$2 +fi + +if [ ! -z "$3" ]; then + CLIENT_START=$1 + CLIENT_NUMBER=${CLIENT_START} +fi + +if [ ! -z "$4" ]; then + CLIENT_FINISH=$4 +fi + +# Change working directory +rm -rf ${TRUST_PATH} +mkdir -p ${TRUST_PATH} +rm -rf ${CLIENT_PATH} +mkdir -p ${CLIENT_PATH} +cd -- "$( + dirname "${0}" +)" || exit 1 + + +rm *.csr +rm *.p12 +rm *.json +rm *.pem +rm *.jks + +intermediate_common_name() { + echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" +} + +set_list_sert_for_cat() { + local first="$1" + echo "$first ${CA_LIST_CERT_FOR_CAT}" +} + +client_common_name() { + echo "${CLIENT_CERT_KEY_PREF}$(printf "%08d" ${CLIENT_NUMBER})" +} + +client_alias_name() { + echo "${CLIENT_CERT_ALIAS_PREF}$(printf "%08d" ${CLIENT_NUMBER})" +} + +for COMMAND in ${CF_COMMANDS}; do + if ! command -v ${COMMAND} &> /dev/null; then + echo "ERROR: Missing command ${COMMAND}" >&2 + echo "Install the package from: https://pkg.cfssl.org/" >&2 + exit 1 + fi +done + +tee ./${TRUST_PATH}/ca-config.json 1> /dev/null <<-CONFIG +{ + "signing": { + "default": { + "expiry": "8760h", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] + }, + "profiles": { + "server": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "server auth" + ] + }, + "client": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "client auth" + ] + }, + "client-server": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ] + } + } + } +} +CONFIG + +tee ./${TRUST_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG +{ + "signing": { + "default": { + "expiry": "43800h", + "ca_constraint": { + "is_ca": true, + "max_path_len": 0, + "max_path_len_zero": true + }, + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "digital signature", + "cert sign", + "crl sign", + "signing" + ] + } + } +} +CONFIG + +echo "====================================================" +echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)" +echo "====================================================" +cfssl genkey \ + -initca \ + - \ + <<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_ROOT_CERT_KEY} +{ + "CN": "ROOT CA", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ], + "ca": { + "expiry": "131400h" + } +} +CONFIG +CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}.pem) + +echo "====================================================" +echo -e "Generate and Signed the intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" +echo "====================================================" + +while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; +do + CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) + CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) + + cfssl gencert \ + -ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ + -ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ + -config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY} + { + "CN": "${CA_INTERMEDIATE_CERT_KEY}", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] + } +CONFIG + #openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout + CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) + CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} +done + +echo "====================================================" +echo -e "Add the CA_certificate to keystore: ${CA_TRUST_CERT_CHAIN_JKS}.jks" +echo "====================================================" +cat ${CA_LIST_CERT_FOR_CAT} > ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem +openssl pkcs12 -export -in ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem -inkey ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem -out ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -name ${CA_TRUST_STORE_CHAIN_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CA_TRUST_STORE_PWD} -passout pass:${CA_TRUST_STORE_PWD} +keytool -importkeystore -deststorepass ${CA_TRUST_STORE_PWD} -destkeypass ${CA_TRUST_STORE_PWD} -destkeystore ./${TRUST_PATH}/${CA_TRUST_CERT_CHAIN_JKS}.jks -srckeystore ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CA_TRUST_STORE_PWD} -alias ${CA_TRUST_STORE_CHAIN_ALIAS} + +keytool -list -v -keystore ./${TRUST_PATH}/lwm2mtruststorechain.jks -storepass server_ks_password -storetype PKCS12 + +echo "====================================================" +echo -e "Generate and Signed the clients of our certificates: \n-${CLIENT_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CLIENT_CERT_KEY_PREF}?.pem (certificate)\n-${CCLIENT_CERT_KEY_PREF}?.csr (sign request)" +echo "====================================================" + + +while [[ ${CLIENT_NUMBER} -lt ${CLIENT_FINISH} ]]; +do + CLIENT_CERT_KEY=$(client_common_name) + CLIENT_CERT_ALIAS=$(client_alias_name) + CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) + + cfssl gencert \ + -ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ + -ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ + -config ./${TRUST_PATH}/ca-config.json \ + -profile client \ + -hostname "${CLIENT_HOST_NAME}" \ + - \ + <<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_KEY} +{ + "CN": "${CLIENT_CERT_KEY}" +} +CONFIG + +echo "====================================================" +echo -e "Add the client certificate (${CLIENT_CERT_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" +echo "====================================================" +cat ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem +openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -name ${CLIENT_CERT_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} +keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS} + +done + +keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 + +rm ./${TRUST_PATH}/*.p12 +rm ./${TRUST_PATH}/*.csr +rm ./${TRUST_PATH}/*.json +rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* +rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* + + +rm ./${CLIENT_PATH}/*.p12 2> /dev/null +rm ./${CLIENT_PATH}/*.csr 2> /dev/null diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh new file mode 100755 index 0000000000..b3b114cb28 --- /dev/null +++ b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash + +readonly INTERMEDIATE_START=0 +readonly INTERMEDIATE_FINISH=2 +readonly CLIENT_START=0 +readonly CLIENT_FINISH=5 + +IS_IHFO=false +IS_SERVER_CREATED_KEY=true +IS_TRUST_CLIENT_CREATED_KEY=true + +cd -- "$( + dirname "${0}" +)" || exit 1 + +Help() +{ + # Display Help + echo "Description of the script functions." + echo + echo "Syntax: scriptTemplate [-g|h|v|V]" + echo "options:" + echo "h Print this Help." + echo "v Verbose mode." + echo "V Print software version and exit." + echo +} + +if [ "$1" == "-h" ] ; then + echo -e "Usage 2: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" + echo -e "Usage 1: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" + echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\"" + echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\"" + echo -e "Usage 4: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\"" + echo "This Help File: ./`basename $0` -h" + exit 0 +fi + +if [ -n "$1" ]; then + IS_IHFO=$1 +fi + +if [ -n "$2" ]; then + IS_SERVER_CREATED_KEY=$2 +fi + +if [ -n "$3" ]; then + IS_TRUST_CLIENT_CREATED_KEY=$3 +fi + +if [ "$IS_IHFO" = false ] ; then + if [ "$IS_SERVER_CREATED_KEY" = true ] ; then + ./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 & + fi + if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then + ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 & + fi +else + if [ "$IS_SERVER_CREATED_KEY" = true ] ; then + ./lwm2m_cfssl_chain_server_for_test.sh + fi + if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then + ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} + fi +fi \ No newline at end of file diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh new file mode 100755 index 0000000000..efe6ed46dd --- /dev/null +++ b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh @@ -0,0 +1,298 @@ +#!/usr/bin/env bash + +# REF: https://github.com/cloudflare/cfssl + +# Change working directory +cd -- "$( + dirname "${0}" +)" || exit 1 + +readonly CA_ROOT_CERT_KEY="ca-root" +readonly CA_ROOT_ALIAS="root" +readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" +CA_INTERMEDIATE_NUMBER=0 +CA_LIST_CERT_FOR_CAT="" + +readonly CF_COMMANDS=" + cfssl + cfssljson +" + +readonly SERVER_JKS_FOR_TEST="lwm2mserver" +readonly STORE_PASS_PWD="server_ks_password" +readonly SERVER_PATH="Server" +readonly SERVER_CERT_KEY="lwm2mserver" +readonly SERVER_CERT_CHAIN="lwm2mserver_chain" +readonly SERVER_CERT_ALIAS="server" +readonly BS_SERVER_CERT_KEY="lwm2mserverbs" +readonly BS_SERVER_CERT_CHAIN="lwm2mserverbs_chain" +readonly BS_SERVER_CERT_ALIAS="bootstrap" + +SERVER_HOST_NAME="localhost.localdomain" +SERVER_LOCAL_HOST_NAME="localhost" +SERVER_PUBLIC_HOST_NAMES="-" + +intermediate_common_name() { + echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" +} + +set_list_sert_for_cat() { + local first="$1" + echo "$first ${CA_LIST_CERT_FOR_CAT}" +} + + +# Change working directory +rm -rf ${SERVER_PATH} +mkdir -p ${SERVER_PATH} + +cd -- "$( + dirname ./${SERVER_PATH} +)" || exit 1 + + +rm *.csr +rm *.p12 +rm *.json +rm *.pem +rm *.jks + +CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} +CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) +CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) +CA_LIST_CERT_FOR_CAT="" + +for COMMAND in ${CF_COMMANDS}; do + if ! command -v ${COMMAND} &> /dev/null; then + echo "ERROR: Missing command ${COMMAND}" >&2 + echo "Install the package from: https://pkg.cfssl.org/" >&2 + exit 1 + fi +done + +tee ./${SERVER_PATH}/ca-config.json 1> /dev/null <<-CONFIG +{ + "signing": { + "default": { + "expiry": "8760h", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] + }, + "profiles": { + "server": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "server auth" + ] + }, + "client": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "client auth" + ] + }, + "client-server": { + "expiry": "43800h", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ] + } + } + } +} +CONFIG + +tee ./${SERVER_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG +{ + "signing": { + "default": { + "expiry": "43800h", + "ca_constraint": { + "is_ca": true, + "max_path_len": 0, + "max_path_len_zero": true + }, + "key": { + "algo": "ecdsa", + "size": 256 + }, + "usages": [ + "digital signature", + "cert sign", + "crl sign", + "signing" + ] + } + } +} +CONFIG + +echo "====================================================" +echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)" +echo "====================================================" +cfssl genkey \ + -initca \ + - \ + <<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_ROOT_CERT_KEY} +{ + "CN": "ROOT CA for servers", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ], + "ca": { + "expiry": "131400h" + } +} +CONFIG +CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}.pem) + +echo "====================================================" +echo -e "Generate and Signed the first intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" +echo "====================================================" +cfssl gencert \ + -ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ + -ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ + -config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} +{ + "CN": "${CA_INTERMEDIATE_CERT_KEY}", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] +} +CONFIG +CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) + + +## Lwm2m Server certificate +echo "====================================================" +echo -e "Generate and Signed the server certificate: \n-${SERVER_CERT_KEY}-key.pem (certificate key)\n-${SERVER_CERT_KEY}.pem (certificate)\n-${SERVER_CERT_KEY}.csr (sign request)" +echo "====================================================" +cfssl gencert \ + -ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ + -ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ + -config ./${SERVER_PATH}/ca-config.json \ + -profile server \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${SERVER_CERT_KEY} +{ + "CN": "${SERVER_LOCAL_HOST_NAME}" +} +CONFIG + +echo "====================================================" +echo -e "Add the server certificate (${SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" +echo "====================================================" +cat ./${SERVER_PATH}/${SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem +openssl pkcs12 -export -in ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -name ${SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} +keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${SERVER_CERT_ALIAS} + + +CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} +CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) +CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) +echo "====================================================" +echo -e "Generate and Signed the second intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" +echo "====================================================" +cfssl gencert \ + -ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ + -ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ + -config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} +{ + "CN": "${CA_INTERMEDIATE_CERT_KEY}", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] +} +CONFIG +CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) + +## Bootstrap server certificate +echo "====================================================" +echo -e "Generate and Signed the server certificate: \n-${BS_SERVER_CERT_KEY}-key.pem (certificate key)\n-${BS_SERVER_CERT_KEY}.pem (certificate)\n-${BS_SERVER_CERT_KEY}.csr (sign request)" +echo "====================================================" +cfssl gencert \ + -ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ + -ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ + -config ./${SERVER_PATH}/ca-config.json \ + -profile server \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${BS_SERVER_CERT_KEY} +{ + "CN": "${SERVER_LOCAL_HOST_NAME}" +} +CONFIG + +echo "====================================================" +echo -e "Add the Bootstrap server certificate (${BS_SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" +echo "====================================================" +cat ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem +openssl pkcs12 -export -in ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -name ${BS_SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} +keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${BS_SERVER_CERT_ALIAS} + + +keytool -list -v -keystore ./${SERVER_PATH}/lwm2mserver.jks -storepass server_ks_password -storetype PKCS12 + +rm ./${SERVER_PATH}/*.p12 2> /dev/null +rm ./${SERVER_PATH}/*.csr 2> /dev/null +rm ./${SERVER_PATH}/*.json 2> /dev/null +rm ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null +rm ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null +mv ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${SERVER_CERT_KEY}_key.pem +mv ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}_key.pem + From eccbd3290c5c443ae60fae111ce9539d28a6e85d Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sat, 8 Jan 2022 13:06:46 +0200 Subject: [PATCH 05/16] lwm2m tests with NoSec, PSK, X509-trust. RPK, X509_NoTrust - ignore --- .../AbstractSecurityLwM2MIntegrationTest.java | 198 ++++++++++-------- 1 file changed, 105 insertions(+), 93 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index ea30b43436..0c983f9dcf 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -15,7 +15,6 @@ */ package org.thingsboard.server.transport.lwm2m.security; -import org.eclipse.leshan.core.util.Hex; import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredentials; import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecBootstrapClientCredential; import org.thingsboard.server.dao.service.DaoSqlTest; @@ -24,144 +23,157 @@ import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; -import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; -import java.security.KeyFactory; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.KeySpec; @DaoSqlTest public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { + protected final String CREDENTIALS_PATH = "lwm2m/credentials/"; // client public key or id used for PSK protected final String pskIdentity; // client public key or id used for PSK protected final String pskKey; // client private/secret key used for PSK - protected final PublicKey clientPublicKey; // client public key used for RPK - protected final PrivateKey clientPrivateKey; // client private key used for RPK - protected final PublicKey serverPublicKey; // server public key used for RPK - protected final PrivateKey serverPrivateKey; // server private key used for RPK - - // client private key used for X509 - protected final PrivateKey clientPrivateKeyFromCert; - // server private key used for X509 - protected final PrivateKey serverPrivateKeyFromCert; - // client certificate signed by rootCA with a good CN (CN start by leshan_integration_test) - protected final X509Certificate clientX509Cert; - // client certificate signed by rootCA but with bad CN (CN does not start by leshan_integration_test) - protected final X509Certificate clientX509CertWithBadCN; - // client certificate self-signed with a good CN (CN start by leshan_integration_test) - protected final X509Certificate clientX509CertSelfSigned; - // client certificate signed by another CA (not rootCA) with a good CN (CN start by leshan_integration_test) - protected final X509Certificate clientX509CertNotTrusted; - // server certificate signed by rootCA - protected final X509Certificate serverX509Cert; +// protected final PublicKey clientPublicKey; // client public key used for RPK +// protected final PrivateKey clientPrivateKey; // client private key used for RPK + + + +// // client certificate signed by rootCA but with bad CN (CN does not start by leshan_integration_test) +// protected final X509Certificate clientX509CertWithBadCN; +// // client certificate self-signed with a good CN (CN start by leshan_integration_test) +// protected final X509Certificate clientX509CertSelfSigned; +// // client certificate signed by another CA (not rootCA) with a good CN (CN start by leshan_integration_test) +// protected final X509Certificate clientX509CertNotTrusted; + // self-signed server certificate - protected final X509Certificate serverX509CertSelfSigned; - // rootCA used by the server - protected final X509Certificate rootCAX509Cert; +// protected final X509Certificate serverX509CertSelfSigned; +// // rootCA used by the server +// protected final X509Certificate rootCAX509Cert; // certificates trustedby the server (should contain rootCA) - protected final Certificate[] trustedCertificates = new Certificate[1]; - protected static final String ENDPOINT = "deviceAEndpoint"; + // Server + protected static final String SERVER_JKS_FOR_TEST = "lwm2mserver"; + protected static final String SERVER_STORE_PWD = "server_ks_password"; + protected static final String SERVER_CERT_ALIAS = "server"; + protected final X509Certificate serverX509Cert; // server certificate signed by rootCA +// protected final PrivateKey serverPrivateKeyFromCert; // server private key used for RPK and X509 + protected final PublicKey serverPublicKeyFromCert; // server public key used for RPK +// // Server Trust +// protected final Certificate[] trustedCertificates = new Certificate[1]; + + // Client protected LwM2MTestClient client; + protected static final String CLIENT_ENDPOINT_NO_SEC = "deviceNoSec"; + protected static final String CLIENT_ENDPOINT_RPK = "deviceRPK"; + protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint"; + protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000"; + protected static final String CLIENT_JKS_FOR_TEST = "lwm2mclient"; + protected static final String CLIENT_STORE_PWD = "client_ks_password"; + + protected static final String CLIENT_CERT_ALIAS = "client_alias_00000000"; + + protected final X509Certificate clientX509Cert; // client certificate signed by intermediate, rootCA with a good CN ("host name") + protected final PrivateKey clientPrivateKeyFromCert; // client private key used for X509 and RPK + protected final PublicKey clientPublicKeyFromCert; // client public key used for RPK + private final String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"}; + private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials; - private final String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"}; + public AbstractSecurityLwM2MIntegrationTest() { // create client credentials setResources(this.resources); - setEndpoint(ENDPOINT); + setEndpoint(CLIENT_ENDPOINT_NO_TRUST); try { - // Get keys PSK +// Get keys PSK this.pskIdentity = "SOME_PSK_ID"; this.pskKey = "73656372657450534b73656372657450"; - // Get point values - byte[] publicX = Hex - .decodeHex("89c048261979208666f2bfb188be1968fc9021c416ce12828c06f4e314c167b5".toCharArray()); - byte[] publicY = Hex - .decodeHex("cbf1eb7587f08e01688d9ada4be859137ca49f79394bad9179326b3090967b68".toCharArray()); - byte[] privateS = Hex - .decodeHex("e67b68d2aaeb6550f19d98cade3ad62b39532e02e6b422e1f7ea189dabaea5d2".toCharArray()); - - // Get Elliptic Curve Parameter spec for secp256r1 - AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); - algoParameters.init(new ECGenParameterSpec("secp256r1")); - ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); - - // Create key specs - KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), - parameterSpec); - KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); - - // Get keys RPK - clientPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); - clientPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); +// // Get point values +// byte[] publicX = Hex +// .decodeHex("89c048261979208666f2bfb188be1968fc9021c416ce12828c06f4e314c167b5".toCharArray()); +// byte[] publicY = Hex +// .decodeHex("cbf1eb7587f08e01688d9ada4be859137ca49f79394bad9179326b3090967b68".toCharArray()); +// byte[] privateS = Hex +// .decodeHex("e67b68d2aaeb6550f19d98cade3ad62b39532e02e6b422e1f7ea189dabaea5d2".toCharArray()); +// +// // Get Elliptic Curve Parameter spec for secp256r1 +// AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); +// algoParameters.init(new ECGenParameterSpec("secp256r1")); +// ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); +// +// // Create key specs +// KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), +// parameterSpec); +// KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); +// +// // Get keys RPK +// clientPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); +// clientPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); // Get certificates from key store - char[] clientKeyStorePwd = "client".toCharArray(); + char[] clientKeyStorePwd = CLIENT_STORE_PWD.toCharArray(); KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (InputStream clientKeyStoreFile = this.getClass().getClassLoader().getResourceAsStream("lwm2m/credentials/clientKeyStore.jks")) { + try (InputStream clientKeyStoreFile = this.getClass().getClassLoader().getResourceAsStream(CREDENTIALS_PATH + CLIENT_JKS_FOR_TEST + ".jks")) { clientKeyStore.load(clientKeyStoreFile, clientKeyStorePwd); } - clientPrivateKeyFromCert = (PrivateKey) clientKeyStore.getKey("client", clientKeyStorePwd); - clientX509Cert = (X509Certificate) clientKeyStore.getCertificate("client"); - clientX509CertWithBadCN = (X509Certificate) clientKeyStore.getCertificate("client_bad_cn"); - clientX509CertSelfSigned = (X509Certificate) clientKeyStore.getCertificate("client_self_signed"); - clientX509CertNotTrusted = (X509Certificate) clientKeyStore.getCertificate("client_not_trusted"); + clientPrivateKeyFromCert = (PrivateKey) clientKeyStore.getKey(CLIENT_CERT_ALIAS, clientKeyStorePwd); + clientX509Cert = (X509Certificate) clientKeyStore.getCertificate(CLIENT_CERT_ALIAS); + clientPublicKeyFromCert = clientX509Cert.getPublicKey(); + +// clientX509CertWithBadCN = (X509Certificate) clientKeyStore.getCertificate("client_bad_cn"); +// clientX509CertSelfSigned = (X509Certificate) clientKeyStore.getCertificate("client_self_signed"); +// clientX509CertNotTrusted = (X509Certificate) clientKeyStore.getCertificate("client_not_trusted"); } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } // create server credentials try { - // Get point values - byte[] publicX = Hex - .decodeHex("fcc28728c123b155be410fc1c0651da374fc6ebe7f96606e90d927d188894a73".toCharArray()); - byte[] publicY = Hex - .decodeHex("d2ffaa73957d76984633fc1cc54d0b763ca0559a9dff9706e9f4557dacc3f52a".toCharArray()); - byte[] privateS = Hex - .decodeHex("1dae121ba406802ef07c193c1ee4df91115aabd79c1ed7f4c0ef7ef6a5449400".toCharArray()); - - // Get Elliptic Curve Parameter spec for secp256r1 - AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); - algoParameters.init(new ECGenParameterSpec("secp256r1")); - ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); - - // Create key specs - KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), - parameterSpec); - KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); - - // Get keys - serverPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); - serverPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); +// // Get point values +// byte[] publicX = Hex +// .decodeHex("fcc28728c123b155be410fc1c0651da374fc6ebe7f96606e90d927d188894a73".toCharArray()); +// byte[] publicY = Hex +// .decodeHex("d2ffaa73957d76984633fc1cc54d0b763ca0559a9dff9706e9f4557dacc3f52a".toCharArray()); +// byte[] privateS = Hex +// .decodeHex("1dae121ba406802ef07c193c1ee4df91115aabd79c1ed7f4c0ef7ef6a5449400".toCharArray()); +// +// // Get Elliptic Curve Parameter spec for secp256r1 +// AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); +// algoParameters.init(new ECGenParameterSpec("secp256r1")); +// ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); +// +// // Create key specs +// KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), +// parameterSpec); +// KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); +// +// // Get keys +// serverPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); +// serverPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); + // Get certificates from key store - char[] serverKeyStorePwd = "server".toCharArray(); + char[] serverKeyStorePwd = SERVER_STORE_PWD.toCharArray(); KeyStore serverKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (InputStream serverKeyStoreFile = this.getClass().getClassLoader().getResourceAsStream("lwm2m/credentials/serverKeyStore.jks")) { + try (InputStream serverKeyStoreFile = this.getClass().getClassLoader().getResourceAsStream(CREDENTIALS_PATH + SERVER_JKS_FOR_TEST + ".jks")) { serverKeyStore.load(serverKeyStoreFile, serverKeyStorePwd); } - serverPrivateKeyFromCert = (PrivateKey) serverKeyStore.getKey("server", serverKeyStorePwd); - rootCAX509Cert = (X509Certificate) serverKeyStore.getCertificate("rootCA"); - serverX509Cert = (X509Certificate) serverKeyStore.getCertificate("server"); - serverX509CertSelfSigned = (X509Certificate) serverKeyStore.getCertificate("server_self_signed"); - trustedCertificates[0] = serverX509Cert; +// serverPrivateKeyFromCert = (PrivateKey) serverKeyStore.getKey("server", serverKeyStorePwd); + serverX509Cert = (X509Certificate) serverKeyStore.getCertificate(SERVER_CERT_ALIAS); + serverPublicKeyFromCert = serverX509Cert.getPublicKey(); +// rootCAX509Cert = (X509Certificate) serverKeyStore.getCertificate("rootCA"); + +// serverX509CertSelfSigned = (X509Certificate) serverKeyStore.getCertificate("server_self_signed"); +// trustedCertificates[0] = serverX509Cert; } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } From ba970c5d88eb1a723b12e2d8da7822e79c352554 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sat, 8 Jan 2022 13:07:55 +0200 Subject: [PATCH 06/16] lwm2m tests with NoSec, PSK, X509-trust. RPK, X509_NoTrust - ignore --- .../sql/NoSecLwM2MIntegrationTest.java | 5 +++-- .../security/sql/PskLwm2mIntegrationTest.java | 5 +++-- .../security/sql/RpkLwM2MIntegrationTest.java | 12 ++++++------ .../sql/X509_NoTrustLwM2MIntegrationTest.java | 18 +++++++++--------- .../sql/X509_TrustLwM2MIntegrationTest.java | 6 ++---- .../resources/application-test.properties | 18 +++++++++--------- .../lwm2m/credentials/clientKeyStore.jks | Bin 4810 -> 0 bytes .../lwm2m/credentials/lwm2mclient.jks | Bin 0 -> 17660 bytes .../lwm2m/credentials/lwm2mserver.jks | Bin 0 -> 6432 bytes .../credentials/lwm2mtruststorechain.jks | Bin 0 -> 2982 bytes .../lwm2m/credentials/serverKeyStore.jks | Bin 3806 -> 0 bytes 11 files changed, 32 insertions(+), 32 deletions(-) delete mode 100644 application/src/test/resources/lwm2m/credentials/clientKeyStore.jks create mode 100644 application/src/test/resources/lwm2m/credentials/lwm2mclient.jks create mode 100644 application/src/test/resources/lwm2m/credentials/lwm2mserver.jks create mode 100644 application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks delete mode 100644 application/src/test/resources/lwm2m/credentials/serverKeyStore.jks diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java index 0e86c6a438..8331b99fff 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import lombok.extern.slf4j.Slf4j; +import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -28,8 +29,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationT @Test public void testConnectAndObserveTelemetry() throws Exception { - NoSecClientCredential clientCredentials = createNoSecClientCredentials(ENDPOINT); - super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, ENDPOINT); + NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_NO_SEC); + super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_NO_SEC); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index af9a668376..5850e52015 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -17,6 +17,7 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; import org.eclipse.leshan.core.util.Hex; +import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -33,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithPSKAndObserveTelemetry() throws Exception { PSKClientCredential clientCredentials = new PSKClientCredential(); - clientCredentials.setEndpoint(ENDPOINT); + clientCredentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST); clientCredentials.setKey(pskKey); clientCredentials.setIdentity(pskIdentity); Security security = psk(SECURE_URI, SHORT_SERVER_ID, pskIdentity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(pskKey.toCharArray())); - super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, ENDPOINT); + super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index 87ca415bd0..e6c26a05d0 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -34,13 +34,13 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithRPKAndObserveTelemetry() throws Exception { RPKClientCredential rpkClientCredentials = new RPKClientCredential(); - rpkClientCredentials.setEndpoint(ENDPOINT); - rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKey.getEncoded()))); + rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_RPK); + rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPrivateKeyFromCert.getEncoded()))); Security security = rpk(SECURE_URI, SHORT_SERVER_ID, - clientPublicKey.getEncoded(), - clientPrivateKey.getEncoded(), - serverX509Cert.getPublicKey().getEncoded()); - super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, ENDPOINT); + clientPublicKeyFromCert.getEncoded(), + clientPrivateKeyFromCert.getEncoded(), + serverPublicKeyFromCert.getEncoded()); + super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_RPK); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java index d1bc813b50..6ca430327d 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java @@ -32,15 +32,15 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg @Ignore @Test public void testConnectWithCertAndObserveTelemetry() throws Exception { - X509ClientCredential credentials = new X509ClientCredential(); - credentials.setEndpoint(ENDPOINT); - credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted)); - Security security = x509(SECURE_URI, - SHORT_SERVER_ID, - clientX509CertNotTrusted.getEncoded(), - clientPrivateKeyFromCert.getEncoded(), - serverX509Cert.getEncoded()); - super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, ENDPOINT); +// X509ClientCredential credentials = new X509ClientCredential(); +// credentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST); +// credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted)); +// Security security = x509(SECURE_URI, +// SHORT_SERVER_ID, +// clientX509CertNotTrusted.getEncoded(), +// clientPrivateKeyNotTrustedFromCert.getEncoded(), +// serverX509Cert.getEncoded()); +// super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java index 7c5e48a4b7..28a10fd278 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java @@ -16,7 +16,6 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; -import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -28,17 +27,16 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { - @Ignore @Test public void testConnectAndObserveTelemetry() throws Exception { X509ClientCredential credentials = new X509ClientCredential(); - credentials.setEndpoint(ENDPOINT); + credentials.setEndpoint(CLIENT_ENDPOINT_TRUST); Security security = x509(SECURE_URI, SHORT_SERVER_ID, clientX509Cert.getEncoded(), clientPrivateKeyFromCert.getEncoded(), serverX509Cert.getEncoded()); - super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, ENDPOINT); + super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); } } diff --git a/application/src/test/resources/application-test.properties b/application/src/test/resources/application-test.properties index 856745797a..dd1cd2807c 100644 --- a/application/src/test/resources/application-test.properties +++ b/application/src/test/resources/application-test.properties @@ -1,19 +1,19 @@ -#transport.lwm2m.server.security.credentials.enabled=true -#transport.lwm2m.server.security.credentials.type=KEYSTORE -#transport.lwm2m.server.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +transport.lwm2m.server.security.credentials.enabled=true +transport.lwm2m.server.security.credentials.type=KEYSTORE +transport.lwm2m.server.security.credentials.keystore.store_file=lwm2m/credentials/lwm2mserver.jks #transport.lwm2m.server.security.credentials.keystore.store_password=server #transport.lwm2m.server.security.credentials.keystore.key_alias=server #transport.lwm2m.server.security.credentials.keystore.key_password=server #transport.lwm2m.bootstrap.enabled=false -#transport.lwm2m.bootstrap.security.credentials.enabled=true -#transport.lwm2m.bootstrap.security.credentials.type=KEYSTORE -#transport.lwm2m.bootstrap.security.credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +transport.lwm2m.bootstrap.security.credentials.enabled=true +transport.lwm2m.bootstrap.security.credentials.type=KEYSTORE +transport.lwm2m.bootstrap.security.credentials.keystore.store_file=lwm2m/credentials/lwm2mserver.jks #transport.lwm2m.bootstrap.security.credentials.keystore.store_password=server #transport.lwm2m.bootstrap.security.credentials.keystore.key_alias=server #transport.lwm2m.bootstrap.security.credentials.keystore.key_password=server -#transport.lwm2m.security.trust-credentials.enabled=true -#transport.lwm2m.security.trust-credentials.type=KEYSTORE -#transport.lwm2m.security.trust-credentials.keystore.store_file=lwm2m/credentials/serverKeyStore.jks +transport.lwm2m.security.trust-credentials.enabled=true +transport.lwm2m.security.trust-credentials.type=KEYSTORE +transport.lwm2m.security.trust-credentials.keystore.store_file=lwm2m/credentials/lwm2mtruststorechain.jks #transport.lwm2m.security.trust-credentials.keystore.store_password=server edges.enabled=true diff --git a/application/src/test/resources/lwm2m/credentials/clientKeyStore.jks b/application/src/test/resources/lwm2m/credentials/clientKeyStore.jks deleted file mode 100644 index a6c9ae7faed05c48ec1218e23a42c3025ae852d2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4810 zcmeHKdpwls9)IVZ8?$1V+`8z^r7faoTyo7Kw~~aYeB{y?OqdySK}BLOgxw-rlBDFa z(TZxxaVZgsq;!#Oed=sfBHG$cn>de|>D0_gr#|2u2XxmVxY?(+F|Bkr}Xrw_K2ni-bWfz@s=6CB*GFPk0g!dufX^N|u{P18lHZ>cz+#X=+GmPnADKMv-z)w>@4JBhb z95ADsN(Mgk=M8{HB8%2Ragqh`I5OS=A$$_)db__`Kf&{*+vqJu#2QlLoO2`e+65gI z-$gJeM>`{JIjxqb>8Ge_!lDMXA86YTCXKbnuGg^n=F+^#I@_T_2Ve*0!Y$8LB&ZQ) z8fIy2sm?Jp&$_ZJ{#<&$?-nG%2PjVctc1f&65w0nNI+@oo;Gz)1bBFnJ_Nig0-VtK z$i+`9(rT0kqX*_j_w@*Fd+BSSSe=pDsrHJU_wP4v8bC4krd)?AT1kHN7-kN~$tF(BaxIDJ$Zha)0{i0J#> zovXR|mu?hxEl}b7x^;3Dt#7!s^lHm~yIG-8)Li9+;k)X(YBi1vEBDnnA>Ez!mT$3`Q4`n9W+^X!+{4QYO-S3QT6X}EDl&Ek_+k0!5+ zYpLBXV#z;PQ2-f{2g6>%3gV9>L+Jzg5U|p$u#jbig&&wj*8pl_N-2dfV^|EPy%Rfx z%VDtvV0v2U9!Lqw-7z#C_5+1q>%r{Zrb<@rA-bN~cDcLZR##D3?^iAxJ|7PzzqBvV z*yMKZMJcE6p^Zs|bIl@!0%}5XejyKV-=T%)i-5C@=hRPSl+Ag>Zzi$gZEP1x(*mCg z~3 zcUGX)I%_?*E_{3-ZJa+cD?i<-R#=W=gwmu2hr~i!y5^m%St(XSs=P&_3t+#~|>9H!PwQ{m$UWGO2k zOFy7X*9MqKKnj|XB2NyK>?oEc2$yW@k1ZvUBV)Y!3qJ=m9_lR#FWA#Q!FtBRKlEK@R$tJlo_n3b=vB)WQS;b+(7BZC~gcdc{5>TRX>Hkx@c6+Pa||hi){oR?wITG zsg(^leJ5-T^ZT;2SlX2DLO$JrktE@ie zV(3OUHZe6@YW@KxHl`D?&h_4cZl}NScqNqV38S?a8?N=awxM`xRG?1AJYVaiudOGe zpVML!quB?GvXVcrfBp2AXyKVh6d6+wN(pE9O zsn;F7ks3QNc{q&6s497^$v>WtV0af}+7+|4Ma=vf{-UO`3IbZ2(e6)Sd+W8OGKhnve&F{pX!=}TYj4pS)bm=q zHg>r3!Tw%uPva9JIo&dQB!vMD}d)xMoZa~hgv(AwfIo@}ty=^|8i z?n)v@R27DTkau$Rd!dmn;Z)#ji%U2;K!PP4ijz*-ZqJH)6dp%CKfEigBQr|i7~(ZE zSNc%JWgeC&#P;~!=vb~|O|B&94a$Fi-o|$Jf-!&9>IK^k`kO|fskCT;0hJLwRNGo% zCZ`=e)~M|P>N&lva`&9jLkU_gBIznXQxTUp{5Q4tLBl^m{$qix3_<2fg!XQil~?o@ z=_63e`7j(La*k_O?v!R8_|N5RCM#z%zkh4i=|vq~di=F*tao-9r*Ip2(xUaGp`_g-CJ{w$T`QZdmIwKlWK4#oVF!}tB|TGZ8X?OTd* z)Y^xIg29viIhbnLsgyi}V&_7UU{xeV6q_Rm6!3(60W(Bg+a1{O7R+)8WGRd{wH@(s zK${GhI`sLXb^*4`8j_Y-$d*hvP4oP|D)0ZkP5Rn*Om0!NWp4tgDGpG|L5z=m>HIMn zbp-;Pp~*g28Bx;KSa>euVO`z+-kczeW;a<=?+S=f1MQ;`&`d}d^5AfFY+egkWc!CP39AfyQ}=1VlHt()E_ z1M7$I_@8ZhJ%PtNiS+k2y&uujiVJc5Gsor4Iq{=&2E7sHiH7dql=}VmE~1%wAjS=W z-US%MD#xzn+KIdbuX4}O1#U6Evu~aWyJvEnGFWtBU;QUP+JGyKj%mKTb$|Y4AvgC` M^f%}Gep;{ccMhiIP5=M^ diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks b/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks new file mode 100644 index 0000000000000000000000000000000000000000..490812c01ab483d3462a09cdd18bc405fa23abe5 GIT binary patch literal 17660 zcmbr_Q;aapx+vhWJ@bui+qP|+-`KWo+qP}nwr%VDIp<{W?5nl1cKV{a-s-BPp6*nq z-%im72)_XV0@DWw*MmV)hKPr}!UBQ=<^>2BfCLEV{1eWg4**yAA5GwbAOYaK|AaZ| z0|0Hnp#Og_7$`uXJpUhh|4(|;|GFL&mR^IN{lBX)^i&`yP`UBT(;ha*><Z#*DKPyl)yFi8CnaX=Gb5I{;01aQ{~^Lf*n;^*nhoTywq zGZ6o{KWuMA1xauf8CQ$NmRxK4wU)qN#p+}Y0z||rxMfcO?tD`%fhTAKHz-MkQM@ot z{ST*=Go@iZr&K0oc@0v^aTIi^$!CI2$HgewFy20D>DN# zD?JAz13fdxe<;phZw1$`R?_|=tj_&vt(@~IDKpk*Wye%IEA(ssxY#=8Nskfj2D*8E(53WAp0 zcQ0=_t0tjQ^$~9PaGG`u~kM&~X@{ZApwN+_f5fT0`$5>QBov}a>&r}>uotbGY{QrN zWr--T)G4_!rEubWxomU-z}OdXe@TC%{wSC}pnxMBsf<4%(czYes9NN+igaOL2QnEN z!A{?mmWEqjGvi79USqJ9wnmswP&An!Y)GqF#+&Z0&d$p}6-aEbPrlzj&k5=nt|8a` z#d?vd7z51O#8~i5=B|gAvZ(ssh%@~QaVBOK`v345H{gblldv8hyn2b;XNp5;p%F8K-j(U2HB&T z5#PDU=R0>42<~;F&{0E@iGM`WBfpt9`O6XHq7cLU^h=2?Q4z2t^OhL;Hz2d^!6|qe z^Jr!+4%jY1HspUJ&ipULnHgD`=>vEK{%f%Z2g?iKVf-gV3j_%8PeJzIEr9>(T{`)i zX>#=xf({&nw&UZV;gmcrPVw*D10v#Oc0#l(*~2e0f_lE89KQhWx-;_D3SVbCDSVJX za>GOf^OJ_n4UbmmWj=cXklPq+sls!q_#hg2oX921O)CKu*F(1AwNrS&)5H*w4vVYr zh{w|ljynorf~$~O^m{gV%whCmBi11mTOqJ$ekU@JIn5gRW6USw_=c%j*q4d$(#z-w zR$Wa!_aR)V5!<-iD@kNIc94ukA@@NB~9 zv=BMnn=5bKh3A#0eAfmrz^J7NA>aJ0ff`P`<5$hwL%X9^VZn3U^jL?><`X#f2 zzp!&}Ngu}Ovjle&tL{Om;V)`Qv@Q2R0c0#It$~MXnzPpW3ZqvLOD}|)2;Fld?B&5y z*Vt^GkV*AIF7u~Q_z}3$N`wjF>qB`q-)jmOS~tc{08<>Sn`o$s1Q={0;N4bA*O5@A zwo$pYw$6{26~S%?;d|qJFahyTu9ZE5q5R94YVctdLew4VfNta(gMZFa2kA>-}iuaCUzfWo%^sL$GG&xQc79Pq8t3DGJ(oRiNrw~ zyaYPDJh^RiI#Kc;&|ohNh99#;YY|6jI}=_EwSd+&=}%d?nS76e)pI>t52<^NtFsLGj8!t`5{1~+aw!%Y zs_&m$Wfoq{bQWI3Bc%)|tp3E$y95qg5*pa??!|=VLy?f-#S(0cLn9T_QsBn{)aJp5 z7w`qy0>tq3$IRiL01dHKBH!34=_M66JYWS#IW`t@h4zxV!K*#eX6e;?@?J^voyG>h zngMrJ%4b{PG_`&yuMBhJrL+%9X{-r|$Pw`}qntpr!NCdi>4A{4q)))O^aM^V7M;H; zg!+5Kab;r5#usI zGHB`nji`@evG`0PF*m&Fd&)==U; zs9UG%f(|WhNVrWd7`N#|&*(PEgLrlCSB`-Y0(?UQRaQ>4ocC3y$y{u9WX|M0usnfv z|H^>^eIq28j~Yd*&?U_)jHC$als0b|CJ=-B$#9dLOAJqhOt8` ziU7Et5dd;`t?{V3_C%&Uj ze3W?MyF(SI*%D+yG<8L~QSKF1jqFXLjZ;npHQ*s9^EEQ=BvvRV&>RH+Ru`?D>ihte z*~e)9kdc>H(M_J7}Ub+P(fUUaq1&j&L(Sr|p!_!&5k|vvdXxBE#fZzv8 z^KGaW?n1JM(`Jwfu79aXSWbi~gB$Xre9qxuo&FiI_Ct84$TEAtT45)U@zjPrl-`#b zD#=;vAM(}wCog37sENyMB%i91ea?Fqm`Vv0x>+~?Kb9EIC=E6u@HP@YpwBs&uwezF zbONQjM`H!5iI5DS4uK6&!rskUM;i)~wsY!go%Rs zc*+lsK1|-0H0X>}IuZ)9YqwA7S!=m&q_uyJFKe_KJ1PM^nxS8T_k3J@R71=CgeU?XE<{Ou=*5{6X{+PY_&zh&STzsgh~ zT}s4V?PJs@%RUfV`yKen2)4nk$$gZ)xQKSx-kwRDE_Bm`&Ysfgq>Pq4*=g`*hO(qM zA`)MOk8bH~XL)n99ANI!mZM6c*L>y=#S?1nknpt09Fn}qe|4>7?hyzYv4-jGc@YXT zsc-=6B}<-Nz_(LwL-oXE!+PhsPLUVXP~O*&$VT7ssS)^%yK0uh5{neT%3V4woOvJM z_xyzTaU-l}H{_SOW)<{Ys#tKfU!1{uY?43$M`C25Fw8XMldZ}rB&E!YeOON2bndEd z$@zcy?DP`>^%s4g1a}E-czPU+TA8$|_KQVA0mZ_V&9;Fu7=-n*|U_ zELkybz)erfIf0fq_YU%K3od_vYd55XBMQ0SfGR9+;k8|kR*l7SlE~&%b78};Q>DrFa_9V%Up&yPnL7lP3? zjaoJ?o)i-J?o(?r>4h`D5RX{ndQZ3t$T)DZ zM;+%XoKGSwKzF>ALW-j~VkEg(2@yKR0qp8I`{;eU}t+(DleenF>jB#n@fYi5qG>q7p`h1JY}v=Xzci z_?Kkd9qYlTxxE!`UA~D=6lt;PS;+>x;JOtD5M605+#HtEydR7(7h*C$Ac*jrZ|Qll zDpY)fNs-JYT~?IL393HAW&X}73H;ZaOmZEto>SRRb$x!KNSs&@FqaX(6}S?x8y<(2 z)a91Zmk6m*ef>p=a)9+!Y;Cwa5T|x#wQBcz_D0_5s}K?q3RuVLHg;&?1wzY~t%YhE zPBR#1Yye+KqASFu>UWR_Tgd_sT=Aq|4J$Q1JG`!m&UM6X?ECRi)s)<0=G)DfHuVSm zj@36rqJ-#i>XHfNGC!9z7L(T)<(6%9Gb>RzHSJQG3z;jQRFqQ@Ea!r}Kg;0ig^>=P zN8a=Nw7^cGz#jA)Uji?67m~>Pw#d0VQPh?uGfgg@c|(=@hyRRv7!OPwGt@3Sj7jRa zcm==|wK&UlfXFa^dQ+G>+9eKZe8^8gP@*I3$hYnOeM2AwxcR3}`OHeAP*j82B9^~6 z8a?GP5c{D9EUcWf=EAPiUTCvkZUIVhK4U2e%byrnPuh?tvBP2yBQ3UwjdqPor;V=i z2#yax?~eDd9%$0E^>K(qvBYo2e&S!XOkMqEvQ)@EpQfcqhS1BpGAsKb2i&uH?&7BL z+G6SVZmg@2jYuIgg!n0IhB7O|fwWM$7MDkKB`xESb{%x%3#b5ajtZm`-Z8M21zs+l zUyQ(paD;}DnRCa7Skg0qbN<=jb8xU9){C*UTyd6$WOF7$l$Zjg2eyk~w$4|@uv z(06oCI%4EK9QN|Q;ms*|v>IDdK30&Sc5~<85g8C(N*M#DwjMs&BKhmY?O=p!X(8;D z%-|cTalBFdOh7JgV|xA!YE(D^K*MU=hH0PzC%>?&_TNgLD}t*!M3#|fnH!5t;YwpT z&n~I-J0FJw`wHCIb)~3&-n}#n0g#pITXE$`6(WA|ogAojW$z?F{uc6G$XSFw!*zDk z2vHLE$f2a)SuRX5Cf~q1is#b!IG+}_lq-K)n)ZNBWy&;p^#<+(}v$@Cd zu8BA;!(3S*%AV4GZD^$RN&E7{1Ot;rrl1#v#tBb*gyJ%&kPE5;$i)&45yl*J{{#Ta z78eF?f)fz#?z>tFt^|30DAky$8JcyJ?F_)--;?1Q$Xi*~KISgW4@-F*hG#|Wb%Nc! z-U`eFyzW`&P*#uJ(BL`PNl(Jjh+mM5s@O-}hg}$POCRzbc-JQ2r-&rQUf=1EZ|}{$ zu?d*g0*GAi=a%bPWkepdNCq12@`ES`lB(){LieKYC_EaPcGfx-9o?!Su4=W@P~l1Z zA=ZFy+3@y-beSO4QpEUzrG>S?F`teipAdkA_&&%u_SlvojDUcw7c(NKcma2TjEe z6xW6*D?v|2(v^i0RC+#io6|*I$r-T}$^C;XMFR*L*)sI&mS1DPzwy4ALu*5efUDDZ z17(a7_ziPcH(Rj(8MBnEf3I#erN{JJxue}dc<3np;o#wlf#WA`vgCpIIz1t(l=vy?m8k59+sn*7 zZVDbUitt)aAsgpU2x#BHQr_6-fF&3fwWo~yTf+(naegx5bOGe?cPJFVKa;R#0vsG$ zjA#O0k2fOqm#8&nd!Y`Eai50paVm0d+#P(CJr739-)9L^37SqifMm#jcN>Cx)FH zJzEJZRpS^@rj0Jm6QeW83?yVB@5NxiNB2y&E)WZ$QK2C zIwr`2H3>zb*KGk7DveFe3r}KxL5I7{3`|AJu;l%EsdUq*>!G25ZI!}I^|1u;SkVpXL50Yt&*vD zFIgEzY#n7;=AR9oUYB6-74d0s8apJPipB#*HK5@BsLMGkW<$PmX#_rc&_=z+i(o>N zs74=kaRom1=N8)m<{?qD95q5G&7~LUQ&M8fT1FzmXk|VUS5<)L3sC^OpJ#7z!3hTC zI+7%^3MWHux)LuLPe5E3N?Ig*LSUP+D|oP8!O5y~9EL*wqQt*mX)McCD+hM)%mSY) z=;2eK@Q>BYN_9(hSHenVjKvu;fXYlXZ;YtSW)WFZt_9LF)e~D$_nn%LK~!| z0Up}nI{wCLB)q6#QL!_G^jNu#TAP%7Db}~qUD*%^pX8;ImM^ARM0l-XFlM+>08o`2 zL+4PO@tlzGu0m>hTra8f^kTK3dkjA_dXx=RsdDKT*(AJ}(xr~T=kQYe3Pe;@#06nN z?wFOZh#Z_CZf4$5;&uJWJt%JLYD>TFGLEvwL5DD!av>oadELw)q(Xpj3Aoq^kU91H{`_g1Xh;c!a&_( zKzb{*!qwC!dI9j$gvTM#E49CEJRx}lYoV`Ir+Ny>P!{CDo8O@@Vj`^*p#j338|DJM zIL3saO71*c2^bk==|B}M2b3ws0}5WAm703enN%rZxqlj8KL3%vD5%3A;0uImw z-Vh0K2wM?$KE$FyxRQD9!>BCa^xFRT1FjqA{dVe*k1L{BQ|ihoiwuZOdHa!IMgLW{ z`;vk-SP|^Q{TB42^i`O%rMFh`as9ioTFX$^}y&?89OZ_aI zsjMA2AH$*0w-EjGtDjfrJ+>u!!9c(@OL|*aOthu@1TC`aWOojHhJ!a3&TZI9>rz$p z_$n3cbIh9|xZ{CccgSkd*FQ17nu(!&uxz(qIug-D!cm@4zwU@Tpv2P!)TJI@U$UJpGikGW@iVBoNO?Up zZ)58S2+{MBak|N82zL9kp3A&q<#u|>mgr`LN~Lp>r)$%Bj?O%rmZs@oQ`|wQG)v2Y ztjDmD)GfPMt%-T$_+e5$g<4}!UQzW9r8U~L_Dv&5eBhdG6*N0K|)2` z?*Z-U)aw~#XbZ zDvT+6YrO!5elN`5S}F>tKBv4o&aWE?&XkcP@$h^XXjY-3JXO|2tRHNfAndZX9UvsA z3}|MT(h)ZIlg5!y#KQI_Rf1(Dm5@^#m)K2Y^4a)g_#N+aaRRQ-Be z#3A6SW&C98AF=s$q!8I%!+6A1{O=)B&%1#oSib_ETy7fB{yg3zRS--C380Uc0MD?S&mTWm zTsEj-u+xZD+3x2b84r-HzEf_+H4-*RWr(E#+Xp?I9c8|SiJ)gm6r4vCm_t@(yemTUJTF3wRGi3FM#hK>+Rx{u`F|v@P3D-?-gw85+ z;8}a8q4j9!m2bD!WWq>AmnqUn+SPL=?m%`z;T%vJyBefv?Ve6g+pUu2)8$ChwWbUPnQerRlmVOw$sy%J$o3flCC4 z`_eLkJ23Far+;uf^sj&o^|ymaDiUG1osPV5pda{gl2x0j@C|}ChQO1az%Z|DLW(ZRI z7#K76QM9;Kq)y;4A%8pFjBC#Mu7tX9Jff}LCti`cs$>@_g^R^uo-6$(Q5VijdMKDE z!79q-%Pr|S(XmznEH#Qbkq^Lpy_a15*t>*uckt(sRrU;aX`-SdW-Wtru}m9DB5kCI z`^qWW?-apfVX!8XIpSdLdY7*90PDA)&%gT($(D$jF2kS4dobmo5c&m3ip%^!f4@;B zd=A_q1EOi#yd(3R+-;X?agy|g(rFKv^w`H&SaOFqj6?4#bTE_ zA5vvcsm65R$kD5=!D=ZwVPdM6t5Lr>82mhG*(T$$Qg;G_k&FjM>t6kC#9eH!Wse|# z$bW$`F|!{}qvJKlfq!=AtK-!8Ffh&!|4cTD;|OKx36wX7;kZ7z8rSg@X^d|dMydHc z+Yv_~Lj*q;E1R74&g!F=;*#CmSa&*Iur{&ck=rYf);RXBW;w96$z2u7Z*Gl53&@Ey zv%c5iL4mi=pl9|sI#UD?Eg#KIJDenwYcwcS7kz6$adaL=IK5+KwIaIdVXZ;>&_QE+ z-Zr>sBScUUUbZn_Kucwad}>q6t!wz`N^ruUYp4^c^Qn(Vwb@mV#Sm78!&}XFRhz$> zLdFQm`mhkH8<}Ujx|a5bQ)IIYZSCYpkolB_o8csC`^3{~UTUOPPu^L2@WEQGlgCuq z=VL3`DM151Oo5eCvK4sB2+O zw5yrkq>(ioXC75%s-H##LB{Aj1(ve&0s2%PMaC-0rIadKFM4a7RFuu062ere;;e2v z(!EQiWkM8r9mc+KbJGHZ+vw4l>{(d&sKS(Ht-EF<3;5Pn;nZ}QT+if2;9uTE3qdYZ zS6@_iEOF^*6+%ZRc6hx=f02WXc3L2uh?9XnfqPQo%sR9RJNKf2Hm$02IGDa8cR@04 zNs(vN@2ucwaY=2GjgFsv@93g}cOPS23N5Ukrv2iG9@GX+8f#T&xv>_ zZsw{`TPk|=Pm;0b&eZOUFD}Q^@A?Vm3w`*~G?GRMR)w+9qTd##FPM64)M2SCC;e(pO2_-ZL zWX^joes!2a>ifqwq|pFH0Jf{;5o&xO3kZv<1z?Nnpp!3{xC~x?agRQ}#;-Lv4=A#;*g&F& zD8@VQF0)%{69ahW^tK=ogR|?VMH0G~o9rRVJdeCt`^_53a?>LzW_p@cFuB*m?9}kC zTTZ4Ydjv5cg~_Y}BVDGFF{P27EDLIFH`j_e!LPaezI7>TW|e&R!8PS1Bi$XqqXQKU ze_i@zXNtW~B}72T+luay|4Xk#roBJ!mC9L0p@g}S%fQ<@p;_%JGo-aUCy*vgDo4H_ z?&gn3vUon~$|h7NgyZ)quU#EXg{&jqLTir- zW9F0&C{XyZx9or@u&J!N7-1ji)%1Yyel0f;B{B8+}zE4~fS`wn^!ZaF`3j zXJnXsMs!iJmRps|T+M>@Rlo$)@m`Vs;XVXcjVbZntLpUGaKJ%PX!uEEb`uk007sFq5znG_Z3W|NVJ1q`> zi*u981sQ@bHKGK~>~mH#wMq!kmg?nWo-Pk;YBonlW*CO&#&rg^^e&&qO0T_PBOcu~ zx{&wd>{CO@^!6AjH=LMH7|kn3Lw-U)M0iQ`A>%)Lw-82D3m-V=!lKc@9_hmUX(r zMVkiS^V0PaE;Y9Aa?mpDy^cEst)+a$#UNXEmBrWai%)YSRzjV+vhMT&t;Z~tcz(mf z!nw4^o=n*-g3$N@SkUL_Op}^LabJLPhN}za)JFplJW7T4Gio1OBrg><&S7-7&z@*> zz9g|epB;yP4=%g*qkzzal3(pkLZaTDs(AmHsXBY^?W!i&PolGMJBNt3saZWzZf}CQ zh7)tX?pnkmmksy&)ggKIdH1}U6HEPx$Up!G|K8jih$*eVxZ3ks7Sr0}A;_eZdZ=h> z#A>PVusTPvRsMztVq}i};$N*kQ`YTJfZ(x@$haz2knw4=**i1K~BhNZsKXi#3<;nOKypyitO|o{uhM0UUv<&WY zTW0O5^TCNZnzLx1^bk z8{(r8RpCGTuMG8n)JKij^;ZwuC*K9px7cDzil9OKP#Hv?$&bg?+rqE&K|Dej+L;2! zbX6i1>}brDZ2Ft&d;5Jl|0a{fK_KMkX?lcmo`WFLFO$aL3j0vM!04pZS~u5HGhDCx zFInR{tkQU}(E_%9&0U5epqNl89EPMW07smeBsX^8+@AqXzfY49Tmugm4K7t29D=`V zJk)9ca(&m~8WFM}`L1FPgod&0lfRWh%x%R>rF4D(Q0GjIfolCNG_XPDf!?qd$bV%~ zsmdXO%mwpLQNE<4sJ>$pxrMWP5!|SU{qg}gWeVD77^^b4B-iHM1miE)F^tJeQ{a78 zx~iw0QtLe0#7aH20exE#_LGDzCp(po*-OQ#s1xbnhIdp5a5QyzX_rRa+M+K7_An{< z_M;ixXB~p?z1JNuD>JI5NE8X~*aCs$Y;gj};9(nRy}p|FP*djUc(%DTa^(%R%S3!429krhqquVX=Rrju%kmLE!VnpM=_TjftX+&@rD?eAu8 zWG{c4kNaysXf<-e3sM`K8p9dK?LY~b-eYe)>C2bmTELegq4#Z;Yz;-cS&Kt@o^e}g z7o$fgJUXGho|S>0e5sJL_FLBGS&kacR@}eiB^Cw5D-I8|aesO9#wUuE zRA4r9f89iK(7zd#?6k|1M;#mQ40)Ujl|oGduMgwSbzH_s9i4?Fg1!cx zG~@0N=RD?<33jh@?_>%#%22sd+HzGc6C41Lgl%U)vmwoEVgUT6*G;89K2SS#k?Vr* ztD;q+)ddb;9eoh4C^LRlR_m7U>tkgSWGO{Uq<4N(vR+p`J}7dBc?x^B3Y3TQVN?d`!|Y6BXly0HZWekw%ho=KRU{aLX?46F1r(}- zU6>-g(j{|rD*<_#1WNRd-PIi+LKLepK#v36DlI(*!4qrtSn?Wz5=$ILbX6N0tUTUP ze>u1zh_Yq<9D7H?7jM_a+9LE^M$5BZE7N+dl53(<*!99kSH(t^_0XsPz`@32J6Fh> z4%;sCD6|;>JlUf~C0+A_HfUT>66a2u0aq+1Pq}G&W~x?1SvmqpE|mV$8i&N&bb1`5 zT~l7#_Qs^R)`=}IeP=J*n6m8&Bt%ESwvZ41?Ca2d5SFH6d$1sn<%T|rx+(^Ya)C+4 z#`xf*lcE>7x_;2RawXP7rIo5{FH(L8;KTHLR8DR6C$ygf^nfkxz6j7Dorj@Pk;-<6 z0`#T01K(YAl`O?PW#*+0j&;f_d}F1Sr(~os12mJ=5QIHbn;nTb`4qpT8{* zH?rgYG!c}n&UlJ&Ysvwa{FAsP6%Qp}bCxhjdVi6#-yVnHgQ9w20)LbRJKtrC^F(F(eK;CYl(YQ;w<4%b}Qwt z&1&ICyDj~R&*w8|XuJe;md6b7O2+x<#rJ33$=b*1+ubYqFbf%8%eKq7?P7TDVg1<7 zzBDPoUIrV=gh(iIPys2dOOr-4UEFsL9d!mcv~#iSWdF_fET~xoNbV=6EFvX#kH&#- zcHar^v?~b+t2hA-`k78_o`13&YV5b7EFY??$O&q-!aVE9;(!QSpytpst|h>FlLL!R zo%cr*MxcM1Pz8Dbm06a~_;W2&s=2%A9>j)s+~cDZM|qG_@A312s>HY%#dL6U6lxW>aFho2jPkX0C}g=20fnzJcX!-XbN?7!+ob zi7Y!JgIy&aQ(VJ|$%~^M+IE(ycB=rw7^GsoT&l}}yfJ>yVQopCuH)*ksol0z5w&T| z-WBR0O{$C&Oe9Hcx=$-$QD>!NYqnj~w6lpP#o3{P%+?cj+m1$qvz2IXXQa?=&VD z2EgXLox_gHjkSZNu%zk?{j&mfYf{L1+B!w@fNn+GwN5L}puBoRh~Y8urw|vJqA|(t z;~*$6Gd6N%ciw96NEFHpK8`-n9}*)koxOv8Mkkza4@D^F-PBqJ~nMirzhzZWB z@X!VOS*ZmstU889>N6V`a*x_SNsZR=9aI+3Oy#Oj%hkg z<8s)MJ4lH54NLHBW?Vg$&Ht$nIoInr)DCP#@#VzYqzH9kPKAIwCeM;&mx*sD3{U({ zc%}#)AB*tC=~_Pau+LJkX`VX5JQC#m!4$OZsiDB_?g<#5Ibo8J5}@{@lB?1hQo`Up zL}p~Ml9}#HZ83jD$z)s`Es$bb>^}3MXn%zi+>aq-&u5CO;kiaAODI%L%8%0%q(jwK zHD*h?!Mz7T=JT!t-HL|7xg5j8#@lbp8n!M`7+x1u@2sZ2En@*`_|mJ4S!+rp07l7& zilU=~fCF$AD6iwy1)XtOmZIu~nz~*p>~9>>Txkdf$He==o0DeQA9AbYE@Ja7h1uWQ z{F9q($@-A4b#W2t)Hxwx_jFnL1Bu7((_UUELFqQaz9n`b&-~`-O{9+7a=1r8?v&6$ z5*pyU`jOvx7^-QN!oV#>v~79<3HdjD&lfeLO-AyQ8ws{l_JAg@2s^xnmUE1~e|9~}r3K7!Om1%)5GWP zAk@Gu2C^9{3UnADm8#Wid_-&;_fxeKg#1?o2uVs$In{E;3oiYuikiSY*B zF+tGP&QcRI&L1 z<*}Izyx|UNJvb+5>$N>eGL3Npd9q|Hq-(@q=$brD)7SJl=FB6f5~=rJ9p5->plggc z(?n-gLao{5zN)@Bb7BOC{$#E@m>4tzXa#q% z`Ze3y(>n*3K3^_+2R!PCMD7!l%s9>$Rl~r;quc1>Ho1{e1fj+X`}2orYKWK|xU4C0 z%oAC#r|lzhWxj#hfTcM3gEuh1lNN)^8jZ23IF}T|!qn$KvHLYU>F^6K=M8PeATe`) zQE5R@Y_$3nu$Q4S2*icOxqdE>vxYSe&o)hM>*hFVRS*0(Zw`9Uck0xp}S-F^3zt6cs&m_{7(#Zfg(A zH%23rYIWp8n4K|ahsMAi8x}E3I+|HyE2tgtPl zR_#yB7ix<#w||cx!o?O>d9Mft#gzGOr1%Q)HO+x+Nma$*(!3@1?JjtJSEqDU&!mr9 z>rmj#SmmGWx>BWwjSkpyNy^^5Tn(m-1KNbm9@eKttA_H$dIco-DHXhB=Bzti3}wpG zYELUFFQXr-zO;TzSXHxlRJP1pKx5lknV2n-#UXTgT&|_rIVT5=m8P*wFs?YJAPOPs z;aYtf(m{S|Z{`4-daU!ezP%u>*S--^v*z$s!$b?{n)jSO`=*k`DxId z)*HNj|KzY%^3428# z427|pa1tE*6hg5VZ-a^0`(Ty);SYPj6f2xAPd|S859%3PKwpZ7O*7-tkowIL1u*Mr z0xAO)Lt)AS&?!S}Wu}a0bsIKsz#isbZ;Q52v;AaDkXj{7*>4hM~egzn37M$to7yT!61&@jH5Wf<^#ev@g~i zHf(rRfMH8lRnIlfu6mPh(^A9e_Dzf%OXpNO(yXqqjN_d=z}Lr2uqfZRQnWN zRjlhj1n+ZTI;LkM)n`asrYtt~d#JY9We4fO`#>p6$g%!v;jn*dpFv1joe4vWRqXJB z5t4KuZQd!>SHijRs?;Pxq4yI$!bXs&Q(1196bHdE3x zhzWR$GWIf5_pbI%o$WzfqKk7F7)+Ey17du=@qME;b@c*8kz3tDWM_DH_)Q_RG z3@mDSEVqbB#1zfADr+~n;$^T%o~F_p^70cKBZdI8H|R_u8~CfwFnv#U-~CA6?EStw zN&O{7jSg5~b~>JmhFtL)fODFaR0n)3S*S4LJ%O4i($`rmj`|?Aslt40;B6EVx@3Vb z8E)h?a%15Ml(3VVi*qt1Y))g=P&>NB)Jv%hgUJOliXj`OzmU$Ug=>RwN!JwuS*tvh z-$FgZO>jJhNH}U3Arim>pTfFzEsAZG80BAa0^ruGSVp1r8x&%O>HVxgR;CjVtN6tmTn@qWeb#(r6m%^5%QaQ;JS)HfPvqb%z+p<7q@I;F5Na}XH1hv%+B*EC6f;_zkegU z%RJ9}{=K(WUk$*MbmneEaDINzkoO>6)EdY;FoHE?M8K1qbYH@sb)r7}2WJGikL_CRJUJfCdL4XxKG7@Tv#KofZuF94X#lk6+p`pK@fm&45j`7mneZg7BG?|Tb( zl?&3$q;CyE&yg1~-5fB{eJo$rRRo@$--bsR@VmTL*;B>Sd9G2d=W&5DNhzcFH&^p^ zLj@2fn|+!rscw}gh&e#82k%xF#Xp-T21k(qVIK z_4yiqj&}bAP5*ABAJ#{x4Z3Cr*tw^sprb2on|n`w{d=zi294qRE|=464RL^*abuUW z0;}|@N@drRKUFJ?k|UcDyvE8cjNB7JhOoXcb#x}dFjG$nwCJIjUNm&9(yBliLHF#O zo=(7(kTuhdO=`?Fl{vZ+)wCA^Gj@;`zwkuLGHe7pBR!0l5kpF#D>Kgy{95^c0&)S3 z{^op%0$VOPTm#xW!zx1tDTa+&hF*AAk5~Pn`s)Dug!jsm65`juZsLp&nc2nE%ojR*NCGn@#=YHsCUvCsh#dtbR* zDe)XO$g}_rLF>F2-+vzHs*oKPFZ4}6bd~9=O;aISt9do6_{HgulDR@mRo@fAZFMVS z4_BW>6bir7*2O11-%<_tod87})c_A33hATk-hHuq?1uIUN*I>%>EASCtC|fC3_G(2 zF@4t^dDuJMF~}AAX??BVQfXrVMVK}kl2lS~S=6Z8&nxpROzy$rG~?EJRqPd9Co)E# zcO<)EDobjzv4(?0SD*pCYei?MOu3ZRb;@JbunlnHnh>am#=Nt7j~&psXi6nFdfvwXd}b1Qe^47Q;6J?Lgy*av-MkenUa9 KeSQK10fwM$Q%GO{ literal 0 HcmV?d00001 diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks b/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks new file mode 100644 index 0000000000000000000000000000000000000000..a1923e942f923b8d84a989055ec50c2441f79259 GIT binary patch literal 6432 zcmbW)bxa&gyC`rLcPYC#i?bA6q!@YtiC< zdU8&_@7&x!?#az0GnwakW|H}3lF2~BDQQpvXwYzqSxg-ENTtYY0ss~uFPx$eJ)ENZ zZ@3d0j@tWwq);2t!%=JhhAW}r04+?s|6YZU3qZ{adxD1DLv8+5k3j%6gbM$AiVx*L z2U6Q15bsYIme>Y!z041qhoW3B?om-8#HavzC_X0kf9;2ggMk92#l(3RsRXb_LkF;< z69<2=RD1lmyme__asL=|dW9Yq@8V&NxmtD6_bx(hAzw)a3 zp7kA$)lkLrx*}#0;d$tz;Q88;v;*<}HKYqOtSB3J)*M;Qp>Pm|t#@W|cK6P30)iRP zR^YqlEIxthOpGI4|7JpYBRPhdU+&hvR|>;h;a*;HEnp=vz~-)W@fmvB{k>&qY~0At z{SK^>5cJCDiB}3r{jbyF0C@?)_$VGI)+p{M-v8M{8UCFF@dD9b=-E42)AI@n@Cpb* zMR-MoUJ3m*)&Ku64T{6c=&LcU#ew1M-He7M?rkL@|2L+!nHsg_J831B#iV8hOVOYH znp*m8bmBLOdpVLyVn@&}K&K}29D_qEC1e7-m}@&@hNM_JOZ?Qu#jmFUGoqh|@nD_8 z(oIHTImsEb%S0!*x*BVfnpD-hLG{ANPA#a77W!J|tBOob@}PPhkS zWu*wYsV1J%*M`iQQrlnt??se9*hf90h&{W}Brf8F08 ztwPHF(dR2e&f4cB?ELMsGFsmMjkU}M<>89U2yduYEuf1JJvlTS^sbWWV?{&qp(mHc zDI0b15&xyb;I3^vw8`!8s$=j)4eZf^Wp`q+pRD)RgLXuB5lsw6iGl~AEbr(Jcl_<4 zd}q6QzPwLD*367)M*iC-n z*1|IEnqPMiO?tYnd{K5;-w>CBJuc(-)8J6BpeB(eS|G7{NPty~MeIWWxGlQ)CmqV0 zhJ*CUb?81(`jmcY*2;`8B1!*fAy9jj>F_me>yN8`zfq|SY-U+g79 zb!kRDvgAdqzYD?K7ZjJg0HPxA3Y=M01R!kZCdU7SB8Ky?Ysu$dG)M11v2&$E+rl}F z(C&GJb`}zaCB~S6E1V<-Z^g477sq}_(JV1G9|XHHfSclP z->B)Twr+8p@0A7OA-f}2+XuClyLY$UN6ZwSi@K*!GL9-u%0|iV-gPG63vIP({LaLQ zx_a*bx=&Zli_>oe@j=2*!u@9 zZ_YOk<)rL>YqphQZ_o1F~^#$0B`aZvKbf7M-^VZew)Y#YUaP!^g8mnsr+sh(6D6 zsrVk7Ikb`4PWp8+(@T0(kkCgB<)GdqLoJ7-?wfn}Y$Uf>>-$$kCSNqpge2Yu?y$T0 zdPa&&sP15J-V?4%uJ2nHZlGcBMv(ZOIDX+%eadeWHM}wQ*2HWlpWtKqBM^57Bo>|5 zzewy6y5FJKkxwUgXpF>qSO2JRCOmQ1>+>LE{O!21&J)8^Q~xN0C^VTO>E*fk2wk6R zdw%>JDN+Bqc`43USXgxsBONs7bwi0NxfI=obJ|DOB55@x^wrfu-?x=p*LyNPD4v(L zgR(d$zXs^!I*Zh z+yjvwq8*o(dZ9|HZgMOPXgT2=Pi*P1{sU6-CKj%^gCMD}rt@y1W1{e64XC-6*snjI zy%F1{%Sodr331_KGri3s_7QYLVj{b}+_WWh4z2XlbO{kuZ(gDl(|D}D(m}HE_mCCd z+JEI!I9BsVS4simJY1aRwaV*pXTZ?n+d zh$d^eFt1P0`ikG_YvouX{yd_y_j=V1kdoB4L?p<}4`OxGL?onK>=jH|M2|6kDq5haitcPf2k>UJId)PyCpuA~?*h^0uF(dDF<$gyFjP;lRo|k_t{LIU> z=-GnAS_i-v$F-@{z7}mllRY&4#-aJq7bEVIL2!H-l+c_4BgrWj`rM#+1Dj~zM$wtO z&4>c7wzM(Z3%6FZ^e(RF1KxqKfs4w5O3kOGTzb`Xe>KlDa8*1ZjFRrkJY#_t2@wEa z@k-A=MJK|vZX_x-Qunr+9u`YIo^I?i{c71g83qE7We1EiJ#YEzu>wD2%Vvn{y8U#M zqjc6}L{q8VA>B3c)NxT3o~IyB!rR zyikeF8-U~$QrOxA$c$q`BK>~C1AJO$DzGHM8(Z`m*0uuaEX5qPc?RhXY2cX|+SLfa z>m|cOWDca`6Lvbiyj#iTp6a-3Zj1XcD$>3b16P(84-a-)lv9NU*?1U#nL)NisY3V*T1U#k@AFJ3Y$NZ%~+r3cr)-T9o$7~?Lw=4B{4>R%CR zF}#*Yt$Yhrts*MNC32Hn%=NYj>C;|_@7#O$u^N4Ks4CajYC=Hz82%B2;}qQUi@?tZ zmPs4;!UKET2Di8A@-vrRDw)q$3N?BZksg+vEa z=B@D-&jAhhHj`(5%NB}|6l(1BVq)@z8Pjj5R2AZ{!D zb?YUHcuUTwktvf$NLicI*bZZxD{g73LBdm{W+mtOhJX#eGg_jg9JUVI=ovRr@~=^R zA@+p=J*A?SC%3l1)ovX4|Z0?3zctRZq0Bu0w)-n9Gq_#N*Oj>>fx;t3X2Uh6#Zs zqG3>SM5@sqfJRck;$7^nD`L0)_UzCskE|>!51lszX?8GqKzz1n8z5g^Z6IY?uUCRw zjl3?sh&RykFmS<_opKY2{wc_cSK6{IeLXMLu*5tjT0W7w^$*1`c|>QQkq?JO2usji zO3bTJxY8D_WG8#JmWjh%y+_k>Qi5ff3JXWz+*LLc_0|n%xMAxP-?BP^? z6GY#m%MZTtDtFoxf8_)i`lR==vyR_)kr>b+2hn|kZpJYMg_W_N#Saqmc1$?2(m?oCkxL!GwBs(RL#L=+7op}c9~L@hh8 zMJms7h{E3Y%9g@`*>e&w91>T9@VoDfHX_2oOkdacWyp@vMjd9SQOv6K4$0z}-GXUZ zgXYOR1cdcOFZQbL?pz9lC5%MHS1LB~z^zp-n?GnkeBEfQZ?fus|yq8QE2K5fk8bUjjLn$R9&;m=h|##$Fd1N zRRkM4*XMN*T@8%&eSyG09hgf4h3ZS0fePQT(-p)rR==Tt-vxbN1f`o*`7uk}sjQi_ z^HGNkb0zFaZNmRVbc#F0k>l46XRGgnctmg@$z+FuT7=c|(eo{tN=_b$Qq#uTP4p0D zk_(oWWROzJv;V15LOx>%Wz=hNti_iQL4DhfZ#rs{HwiJ#UnG!%T)FG%pc?cM&MfCjkwInO@obU>*7U zY>O8r--p1Q+*-78lO#^0vhs8TLk3Y@L1fuSPgLx!dT&^W`TAAw?7Aw7eD{U+nH zs36mAwQrd4%Npi^wXhO2pAZaxA6r|n>vpy#L`MgMlzfs%@G|!ln0ecTtze14ttT~X zXmtre2hq;OMhA>yul$Bf<-`yk{@`Ws{6ZYWCi#+>qImgCwIaqoOt8rKSb3P;kl(f0x+K?8B+o9}{GKj0n*{em}Zn>b0l39@pA94lgFVlSWtz8iV*xWbHqK%lIO7$(z(ipqaB&SX+)FS= zW-Q}&;|9)g*n2ga(XFS0b2l~Zv5`(>u^pR0{Q}Uf$=ieC zz6k!UKU$J*{;ilowc9=eGHMWlRGqvF))_BD!DaYPjBK|rjsos-ufpqPaGNn{L2d7d zrW}oW9O>$&Nt4aFs!@g;YQ~`d&yW@#HT7K6K(jL5Qht*^id~M5yX3Rz5ce7yckfzx ziw@$KDts>*kms^mn;rtl@jf`#(A_$aURoYmBwBU%2rd+sUv<->YaO{}9xv%dM68Z! z>-UNGf7S0JhswBadQFdrgQS=RgD^vi;nX|MA-K;2wOL0zocf}xWeM$Lq`?Yl4-RX7 zShtCaMGWJE-}*qGmHymy%<(Y=a=n2xe0mRwX|*qS_>uLkTmm`ZFe79xWxF226j9dL z888y7x?-uHd#}~r{|(+irFt3_i{c!*8( zn&uIHE$Ai^tFQfu%o&qO7vK0z>k@mp>moaBAIUPf= z3|hUML`S(GbP1UHxK`d)sHPIWs${F$ZW_+oie6gCdcwWmZ?({G&rDb(p&{b5%QFyY zX10(pzfiqAELf$gT99Oyq?<{RB_RazI4%Kuhq(e^2R zOuzH13m>|pKL8m`e~UGAYkbNtEQrhNObE0TLfLS`?*K;0`sFig7_PD4e)KA850UFI zkOcBWNuLep#vypHaDOttN>e=xH8BiSbkGGvQvkOK#}(-gVN zq=CE9abW^^47Q{~$s5<4R^8yL#>k`K9Q~Yn8h|N`ig_g`7O@L@bOS ze*He79`rbS=h^`sn=dho z#8%R;t~G-Mc3WEdR)9RYwdojhBZFwa0lWD&3B7R|#QqF3<00ubnvTrUG|!@6B!*}l zL1Ce`p|)vF2(s#Fq!#0ws7$@VyeD;GhGBDkx+$-c8*Mce73F(#;M00=36f2WzsQz8 zfHV7BhWCZq&B|SuN#eru_5)a9UG=$jNZqdl%d7IaX7WCUvryZkev)nji!WmuWDMzW zH9$>7 zj_K)q6}w&Ez#_av_>@EIvCdmYCC7LNEV#0xY!4uvZVlZ~9r^5|a~bxbtC^YmM~wSyU0v}Eu3|n-1qF8Etk&@dB&YqYd+WOyG@fFp zjE2ij<0f$c90d+$z+Fm24^Pq2F&;~ivKy=D3-qwh^o;p+^=EZBqmhUp-)-`SW1|=Z zSV#eXJ_IOoO1?qSY8}y@7^%>_0LFe=9^1mTuU_hsZj_%Z;S+tZP&xL9iGt&nNLU=h z85#hkM-2*}T4DjH0*9P$EK?xTz-Z-HR|yIiJd+UhyY$M26IKf=>Ky{WVWkT{>DS*!TABHlUi&eNt8Y?*M*XCNRtbX@R^1>Af5 zS?^6<3b{?nxfGPa!Q>0C1Ba$vZiPr5ejICBL!D}YJVOh;yP64`75(*{;jSNw3XGM5 z)%OvLyjQ0}G1YigCbzp0u`C-!Jh`PpM@ivgKa)<@3Zv2Q+$I)8OEaO ztvZ0U;V^|UnjhpVA%QBgST$^{JlI}!>ucKr5+?UF1z5>l<~JuO^(+xwvFcxz4BFF~ z2cv&M^AZ$GG>Glu&p19nT{t`M2&4$%IVIkB|0K)9Uh_h=>XQX;N%ucX1YwM0*RSG^ zqM)!Ngv{3EY-fpeY#`UoEP}e99q8l7(Iz~jO%8}%9AviHJ)H=Lz6{}6Y$V)wq`k#l zkYRfod%selw4;BK&ZOsU*dqixaDhvpK)T+(C0Kwrn4*7uwT&T5N(Usnym%~$=%{-x zkHvBfvE1R<4Y-j!V+1y2<5WoYx^Qq?b3s86Z)CsV{{e;PFTC#*U7~j zBJb!O9yVT&Nyw5X>m?rV!I6pxbnvzLdM*WS`rE>WS30_Q2WoIdcB-Hox>g%xP)h&A zCvLHtAPC}7%&o}?w$%2W-PJM72}P6WP|>Q=CLk5Q{g0UOitC_g=WKJv2+%-bo!8S2 z|D65@#J`@e>i6_|xt>mrnyh_A4}mD+@87ZohpDePM81xCE=QTS=9|dyI|O98ICmeT z<5Il5KupYd)W`FNu}L#$nn5hMXV>v?W~L{KHL#+3u33UxCk1j1q55rvurFB~8pj@IM1T zpb}69C=MnD2O%0N6$T1Ako_Minvgn>E!CBj4$2o61L-UqLUbU_YqAcVP7b)fKTY^v RQN&L>DX}M1G(cqDe*m!Z4OLQW;Rtal~*bu^s5~4&%aFwunh`xyxPXy6}Rf8Zx^o`!* zMu}dc1d*uGqAm8Bxo_^B_v^hMXU=!NQ)bS5b7l^L0L=vf!3YA>iVh-8yh%J@2GRqw z2~d3+0`%rNjYSZE(f^eK2GJ0J{^zvMxp~k*|I@|92n1z^pCQ622*cqgbrfFM@6SA5y9$$D)cr_KA9)2YZNP{4B3Ysazzeq#4S)?!Y`q7^z>Ry<`hqSTmjWxe^>)L2OpOE{9wkMLgQT|3`(wQSd~MWRp0sDSEJrEc`Ky0D(ukCO6L3 zz(AvOw#5|XbqaYh!RPp}yRsub;p1ykr1+|tGR9IOGRrJNCWy?yv-Tx}=-qaP?+YI2 z)#+H!u#ed&i_-}+cfgo|0K!LjG%xyhF;g%cGyruRC|ZW(h=;^xC(#lwNVbm}_~A3G zi^4b(IzyqkK60xVs(#Me%}L@yzI<_RSU~Cf&yh#1q{H{?*LGg*>n!igaqVRHZH=6g<7=f*R zv6S&L%wV5RJ`;7j?d%={OOd$pbF9RW?+}}7gn4x}8)}#>dF7L$vFrKmRRGDF;B}8d z3;?0!-9LPp!BP<|yQSR#t#x`8xyjw%vi;#>_0JzD^rYNW`Fh4{>qyV{_xucbizaK^ z9m(;(E4gOtX*8$ley6+4Y_ga(voXho^UT6`sk4KA3u-5yDp|fiEr8}?8pPb}UwQW{ zG^EX47T3cjwfond9ltCx7e6s@O&6+e32Uv9$%}rlV!^sCxj3)`HXYg;No5F)C9v}lh?%XtZ(*@=-%iA)p+Y(i9Br@LM=i-dI9bDUQ;ljpLYpF8z7#SG+RxL#` z$Bj?wr18F9Y*xI0d}ChhYirAwv`XvYGZuF1~LlQ zu)iBywd~772XeiAS$yKAOh%g9E@3V^BvM3&sPIq`gMipY6e)2cjO72ou?tWi_eExcEIRr{ef(A(Z$r*tTl*>N zSE$c9CH57`gJq%@Y(ANz1fpwkPNFhzPz3sk^jh&FVKn}9MB04lxH3g&klltnpX#~% zhb?gTc((pH&T#zdE-iF>0`flN#o2|oS)LnvTspqr)0fpNlXgJc2T|?OZ z=rJz{aL^dZB#xP1SKM}Np`>ZVezmfVD<}s>=y%~Ov06`}(3{KgBC%ojy6mGG3nU&$ zqYJ$kH1LG+?#040wFGN@tJh|%p}n(SQ`hevTTq`Y2gu+G#%Tq?YgG(b{it`l{Dw*l zvi@^6Y?sWUtW_syViMk{_C(+sJN6Lr*IByd+)v`PlrizIh+%a07`8B;YQceeS%q)w zsk$>Pp~X{Qqz=WYcldpl@}^(gM9e-OR(vQ`m~Rd0{(VbpBeRT%(@Oje3(mMa{8yB$(}X$ zh{(L8f)Otlgkgc0S_H~8Eoc#pT67#4;*;v{WwVjZ_1q~BKs%2O!?qc-_QO(<9b-@? z0?_y+yoX8CC?~2=-Yvga50FUlFYiKJidLIU-SIG~(5sguaJFlE4N^IJ+`k2mt_b=S z<;&~{D?Xm_W^kW=yaZIG`kNv%ps>QC{%dFZ-WK%I*`6nwr1|bOy^X;mGhqia8@o07 zF=9hP9La-RqU-T>FxI-nMROPt(*wdp+~6>@lV8X_Q%LA6&^X3%i7lE1v@_ILo>e>} z{G6*?g9$v6PwXhFr(!cJ^K@x zH@hOt^cDA~n};9N&8M?2q)r(e$l4x?rmh@El19M27sqnYWNGPlp7>Z=~l z^Bp!Gb*g_uzRe{TD{a(rO{FiwfH^NF?>lipBS@YJ3iOtCe!jx*{O;HYEaOGYcsBJk zR9lUutQ9JM^y%Z4M5Od&RGC?Q5k9i4-^dLC|t^ik}z z*^6ov2kUzE2Hto4Q`gh?e>tBXMTpEpS~b$3LflOUVc-n zJUmxjl;Ii9f2KKWuhfRk!|OC#aqwOhpP#)93EmQ`roF9wA|^U|J%8~djQ9fR@Nmz6 z$bINQlV1Uc;>K+ULA*~EJ_G9`CD5*P-_&JC}WtdF)KU&1GIq@q1K zhd4|?!w#5^kOz~`xGKY&-mIPkBO|phML|c`uW9yFNZ(O{u}|%4TbTZkGb{zn(9RoV zvJ8EVvAb_qX$ggBmV5&IM+eidkJq|PX1U*J^7=F z#eC_@BRJe7IWr9Y-R;?w*bO8gccyU?boT@iPLFtFj=i&*1KUi8{adkDv3`fKE;qPjjA z4+TFF7H_^Kf>)31UGn%Lm3fN3@UPuHA#Z?|4z_5d`6-vw)Fw{?K6hB$HcGDhX?BiD z!s$0^mBga=MNOqr?3?SnPp2i)O60WsOU7%v7vh|M!Pmt~2`vSn-hs01;bBfJO@5a; zqtP3^;khCc{@m{+Cip^r8rwqzWkoG})ICwMhQ~_1=J*am9U+W>(9z1UfI+;pfb$nv y*%f9#Wra&pUMfg^)SGG_*Q`dv>E$LWs-LtH9M}nF;19F-jF|W;4*~;;+5ZNgC0;TB literal 0 HcmV?d00001 diff --git a/application/src/test/resources/lwm2m/credentials/serverKeyStore.jks b/application/src/test/resources/lwm2m/credentials/serverKeyStore.jks deleted file mode 100644 index fc541a3b18111312545da774be682ddb893d72c2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3806 zcmezO_TO6u1_mY|W&_iFnRz9tMY*XdnTaK-$%zaMjFr!(OnJ+|8lh)uUJkHs&Ff*|-7)Tn58;G(ohq5pW^ZBF}XC&q+6y@ia zC^$PBD2VeK85)=wm>U`cNz*6^ej`JmfT^JgRKP&dP~JcmqFD^88QDo7Lm~}?+1SDM zF)>0dW@cn(c4A;T@VS|9lH1dLZ_jKt-`U6Fea+QH`BYo9IL#mhY`ZKUix`Ut^Mt&kdKuN{mQQtB zUi5*fk(H(TpaCDyakBi3jQ?4HzGY-H5CZXqL3|DaHXy~s$Y3B35>sZ8Fc51H(VZk$ zxqXJN`J@Z|H3z%zhgCAvhN1=-vnPXr8zz+tX`Lo>Xmwt;`4ciQ-RUJ$iP{g zT2z)=1Wd({+%)YhP`KWp7MPN_wAmP07`2!L85vm_Sh9C4soL}0b=E$Mg=v$soQ%&E ze-UkGh(7!8*z23GK6Ux3JW7}-CdGRxUb*$s#*H}>yS#3hWc=9SwbZeCr>?;9ccr&_ zYgxQJ(!V{(HT$V`QR>5%H$^P@+qt&id0fzvyI|3@t`COBEccC7VLd&rY7L^CxjgF5%vL_s_{?G7bKy zS)IAVKm?R*1X*|uxSKe0@{<#DGV+T{3^>7wiG|4kHQ!?`JcL1NRatlpxY#&=anH)i z&di7!(9G@(1};nrn!6{v?BTePd(kMjNR;uU^|$ugrFS$Q9umsi${YQ5&H^TdsFeM= z90yik-kWEXGgr=O`{J&$y|KM7LUoxI7hXH8CBN4cMod%AvKSoW?FOfOlv-vGHtp+D%Gs zJc(4Dp!3?mQ2w@XY2U+&4qJBf-UtR0M-HvV>(w&A3ge>joNbbJ!JgUYuAZ6QqPAQv zQ)->$ngpAsU+XTp#rL^@s{=MjR72u+>TO(gfe)|D(-6Qb2h|ya67LSJ{;U~ z=j!t7JN^Y!?~YK;neEaj@$>WA(44J%&My4R*S)D{)LMO8UGTuGsl5-*N3oSb>J z)Lvu@%h8K!V%cK1e3=wtzAp%{I$kwDp0DD0XHV~}Lt>(a&rX)h7S2h_+IP<}98nI8 zw&b9#Z#uT*m>7g0Sr@a2o|KM=nlfPCDFR|qSR>n^QvogiV9x@mC9xTLNo*EnfL$LA zvreFaKLuHbh@1iK`FxVtS7y-vtNrrlO-x^(POD+NzGweDCVTEHScmMzZ From 4450df292f73ce0b58ac52b95bd7a1366f47cbea Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sat, 8 Jan 2022 18:24:10 +0200 Subject: [PATCH 07/16] lwm2m tests aad logs with NoSec, PSK, X509-trust. RPK, X509_NoTrust - ignore --- .../server/transport/lwm2m/AbstractLwM2MIntegrationTest.java | 3 +++ .../lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java | 1 + .../transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java | 4 ++-- application/src/test/resources/application-test.properties | 2 +- application/src/test/resources/logback.xml | 1 + 5 files changed, 8 insertions(+), 3 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 5d4c32641d..13e0858199 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m; import com.fasterxml.jackson.core.type.TypeReference; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.IOUtils; import org.eclipse.californium.core.network.config.NetworkConfig; import org.eclipse.leshan.client.object.Security; @@ -66,6 +67,7 @@ import java.util.concurrent.ScheduledExecutorService; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +@Slf4j @DaoSqlTest public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest { @@ -199,6 +201,7 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest createNewClient(security, coapConfig, false); String msg = wsClient.waitForUpdate(); + log.info("msg5555: [{}]", msg); EntityDataUpdate update = mapper.readValue(msg, EntityDataUpdate.class); Assert.assertEquals(1, update.getCmdId()); List eData = update.getUpdate(); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index 0c983f9dcf..d537062def 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -68,6 +68,7 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M // Client protected LwM2MTestClient client; protected static final String CLIENT_ENDPOINT_NO_SEC = "deviceNoSec"; + protected static final String CLIENT_ENDPOINT_PSK = "devicePSK"; protected static final String CLIENT_ENDPOINT_RPK = "deviceRPK"; protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint"; protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000"; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index 5850e52015..d7296fd47c 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -34,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithPSKAndObserveTelemetry() throws Exception { PSKClientCredential clientCredentials = new PSKClientCredential(); - clientCredentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST); + clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK); clientCredentials.setKey(pskKey); clientCredentials.setIdentity(pskIdentity); Security security = psk(SECURE_URI, SHORT_SERVER_ID, pskIdentity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(pskKey.toCharArray())); - super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST); + super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK); } } diff --git a/application/src/test/resources/application-test.properties b/application/src/test/resources/application-test.properties index dd1cd2807c..7f7cb6e8b9 100644 --- a/application/src/test/resources/application-test.properties +++ b/application/src/test/resources/application-test.properties @@ -4,7 +4,7 @@ transport.lwm2m.server.security.credentials.keystore.store_file=lwm2m/credential #transport.lwm2m.server.security.credentials.keystore.store_password=server #transport.lwm2m.server.security.credentials.keystore.key_alias=server #transport.lwm2m.server.security.credentials.keystore.key_password=server -#transport.lwm2m.bootstrap.enabled=false +transport.lwm2m.bootstrap.enabled=false transport.lwm2m.bootstrap.security.credentials.enabled=true transport.lwm2m.bootstrap.security.credentials.type=KEYSTORE transport.lwm2m.bootstrap.security.credentials.keystore.store_file=lwm2m/credentials/lwm2mserver.jks diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml index d3301bf660..91ca9c2b6c 100644 --- a/application/src/test/resources/logback.xml +++ b/application/src/test/resources/logback.xml @@ -10,6 +10,7 @@ + From fe9b61586f3f907289d59a9ecca839965f26c07c Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sat, 8 Jan 2022 20:11:39 +0200 Subject: [PATCH 08/16] lwm2m tests ignore test del 3/0/9 --- .../sql/RpcLwm2mIntegrationDeleteTest.java | 24 +++++++++---------- application/src/test/resources/logback.xml | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java index 6f24d7176c..90a9dd7a62 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java @@ -74,18 +74,18 @@ public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTe } - /** - * delete resource - * Delete {"id":"/3/0/9"} - * {"result":"METHOD_NOT_ALLOWED"} - */ - @Test - public void testDeleteResourceByIdKey_Result_METHOD_NOT_ALLOWED() throws Exception { - String expectedPath = objectIdVer_3 + "/" + objectInstanceId_0 + resourceId_9; - String actualResult = sendRPCDeleteById(expectedPath); - ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); - assertEquals(ResponseCode.METHOD_NOT_ALLOWED.getName(), rpcActualResult.get("result").asText()); - } +// /** +// * delete resource +// * Delete {"id":"/3/0/9"} +// * {"result":"METHOD_NOT_ALLOWED"} +// */ +// @Test +// public void testDeleteResourceByIdKey_Result_METHOD_NOT_ALLOWED() throws Exception { +// String expectedPath = objectIdVer_3 + "/" + objectInstanceId_0 + resourceId_9; +// String actualResult = sendRPCDeleteById(expectedPath); +// ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); +// assertEquals(ResponseCode.METHOD_NOT_ALLOWED.getName(), rpcActualResult.get("result").asText()); +// } private String sendRPCDeleteById(String path) throws Exception { diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml index 91ca9c2b6c..4cca303e8f 100644 --- a/application/src/test/resources/logback.xml +++ b/application/src/test/resources/logback.xml @@ -10,7 +10,7 @@ - + From 98331c79a0ccb70a4c8459e8bdc56eb92e50c07a Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sat, 8 Jan 2022 23:48:24 +0200 Subject: [PATCH 09/16] lwm2m tests add RPK --- .../transport/lwm2m/Lwm2mTestHelper.java | 1 + .../sql/RpcLwm2mIntegrationDeleteTest.java | 25 ++++++++++--------- .../AbstractSecurityLwM2MIntegrationTest.java | 3 --- .../sql/NoSecLwM2MIntegrationTest.java | 4 +-- .../security/sql/PskLwm2mIntegrationTest.java | 4 +-- .../security/sql/RpkLwM2MIntegrationTest.java | 7 +++--- application/src/test/resources/logback.xml | 1 - 7 files changed, 21 insertions(+), 24 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java index 232332e554..0ea700d46c 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java @@ -55,6 +55,7 @@ public class Lwm2mTestHelper { public static final int resourceId_2 = 2; public static final int resourceId_3 = 3; public static final int resourceId_4 = 4; + public static final int resourceId_7 = 7; public static final int resourceId_8 = 8; public static final int resourceId_9 = 9; public static final int resourceId_11 = 11; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java index 90a9dd7a62..ebc0f6d783 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java @@ -26,6 +26,7 @@ import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_12; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_7; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; @@ -74,18 +75,18 @@ public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTe } -// /** -// * delete resource -// * Delete {"id":"/3/0/9"} -// * {"result":"METHOD_NOT_ALLOWED"} -// */ -// @Test -// public void testDeleteResourceByIdKey_Result_METHOD_NOT_ALLOWED() throws Exception { -// String expectedPath = objectIdVer_3 + "/" + objectInstanceId_0 + resourceId_9; -// String actualResult = sendRPCDeleteById(expectedPath); -// ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); -// assertEquals(ResponseCode.METHOD_NOT_ALLOWED.getName(), rpcActualResult.get("result").asText()); -// } + /** + * delete resource + * Delete {"id":"/3/0/7"} + * {"result":"METHOD_NOT_ALLOWED"} + */ + @Test + public void testDeleteResourceByIdKey_Result_METHOD_NOT_ALLOWED() throws Exception { + String expectedPath = objectIdVer_3 + "/" + objectInstanceId_0 + resourceId_7; + String actualResult = sendRPCDeleteById(expectedPath); + ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); + assertEquals(ResponseCode.METHOD_NOT_ALLOWED.getName(), rpcActualResult.get("result").asText()); + } private String sendRPCDeleteById(String path) throws Exception { diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index d537062def..b0fadf1d23 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -67,9 +67,6 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M // Client protected LwM2MTestClient client; - protected static final String CLIENT_ENDPOINT_NO_SEC = "deviceNoSec"; - protected static final String CLIENT_ENDPOINT_PSK = "devicePSK"; - protected static final String CLIENT_ENDPOINT_RPK = "deviceRPK"; protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint"; protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000"; protected static final String CLIENT_JKS_FOR_TEST = "lwm2mclient"; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java index 8331b99fff..4daac68f9a 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java @@ -29,8 +29,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationT @Test public void testConnectAndObserveTelemetry() throws Exception { - NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_NO_SEC); - super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_NO_SEC); + NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_TRUST); + super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_TRUST); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index d7296fd47c..11b6f3f6e7 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -34,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithPSKAndObserveTelemetry() throws Exception { PSKClientCredential clientCredentials = new PSKClientCredential(); - clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK); + clientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST); clientCredentials.setKey(pskKey); clientCredentials.setIdentity(pskIdentity); Security security = psk(SECURE_URI, SHORT_SERVER_ID, pskIdentity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(pskKey.toCharArray())); - super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK); + super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index e6c26a05d0..1f73a2a739 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -30,17 +30,16 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { - @Ignore @Test public void testConnectWithRPKAndObserveTelemetry() throws Exception { RPKClientCredential rpkClientCredentials = new RPKClientCredential(); - rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_RPK); - rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPrivateKeyFromCert.getEncoded()))); + rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST); + rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCert.getEncoded()))); Security security = rpk(SECURE_URI, SHORT_SERVER_ID, clientPublicKeyFromCert.getEncoded(), clientPrivateKeyFromCert.getEncoded(), serverPublicKeyFromCert.getEncoded()); - super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_RPK); + super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); } } diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml index 4cca303e8f..d3301bf660 100644 --- a/application/src/test/resources/logback.xml +++ b/application/src/test/resources/logback.xml @@ -10,7 +10,6 @@ - From c981ff4c55016e4a8c153ed4121236c381dfa26c Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sun, 9 Jan 2022 15:22:43 +0200 Subject: [PATCH 10/16] lwm2m tests add no trust --- .../controller/TbTestWebSocketClient.java | 2 +- .../lwm2m/AbstractLwM2MIntegrationTest.java | 16 +-- .../ota/AbstractOtaLwM2MIntegrationTest.java | 3 + .../ota/sql/OtaLwM2MIntegrationTest.java | 24 ++-- .../rpc/AbstractRpcLwM2MIntegrationTest.java | 6 +- .../AbstractSecurityLwM2MIntegrationTest.java | 38 +++--- .../sql/NoSecLwM2MIntegrationTest.java | 4 +- .../security/sql/PskLwm2mIntegrationTest.java | 4 +- .../security/sql/RpkLwM2MIntegrationTest.java | 10 +- .../sql/X509_NoTrustLwM2MIntegrationTest.java | 21 +-- .../sql/X509_TrustLwM2MIntegrationTest.java | 8 +- application/src/test/resources/logback.xml | 1 + .../lwm2m/credentials/lwm2mclient.jks | Bin 17660 -> 20462 bytes .../lwm2m/credentials/lwm2mserver.jks | Bin 6432 -> 6448 bytes .../credentials/lwm2mtruststorechain.jks | Bin 2982 -> 2982 bytes ... => lwM2M_cfssl_chain_clients_for_test.sh} | 120 +++++++++++++++++- ...l.sh => lwm2m_cfssl_chain_all_for_test.sh} | 10 +- 17 files changed, 194 insertions(+), 73 deletions(-) rename application/src/test/resources/lwm2m/credentials/shell/{lwM2M_cfssl_chain_trusts_and_clients_for_test.sh => lwM2M_cfssl_chain_clients_for_test.sh} (63%) rename application/src/test/resources/lwm2m/credentials/shell/{lwm2m_cfssl_chain_for_test_All.sh => lwm2m_cfssl_chain_all_for_test.sh} (78%) diff --git a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java index ff6b004405..2bb68737ac 100644 --- a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java +++ b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java @@ -74,7 +74,7 @@ public class TbTestWebSocketClient extends WebSocketClient { } public String waitForUpdate() { - return waitForUpdate(TimeUnit.SECONDS.toMillis(3)); + return waitForUpdate(TimeUnit.SECONDS.toMillis(8)); } public String waitForUpdate(long ms) { diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 13e0858199..0a95dfdbc9 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -135,7 +135,7 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest protected LwM2MTestClient client; private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials; private String[] resources; - protected String endpoint; +// protected String endpoint; public AbstractLwM2MIntegrationTest() { this.defaultBootstrapCredentials = new LwM2MBootstrapClientCredentials(); @@ -197,8 +197,8 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest wsClient.waitForReply(); wsClient.registerWaitForUpdate(); - this.endpoint = endpoint; - createNewClient(security, coapConfig, false); +// this.endpoint = endpoint; + createNewClient(security, coapConfig, false, endpoint); String msg = wsClient.waitForUpdate(); log.info("msg5555: [{}]", msg); @@ -264,13 +264,13 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest this.resources = resources; } - public void setEndpoint(String endpoint) { - this.endpoint = endpoint; - } +// public void setEndpoint(String endpoint) { +// this.endpoint = endpoint; +// } - public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc) throws Exception { + public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc, String endpoint) throws Exception { clientDestroy(); - client = new LwM2MTestClient(this.executor, this.endpoint); + client = new LwM2MTestClient(this.executor, endpoint); int clientPort = SocketUtils.findAvailableTcpPort(); client.init(security, coapConfig, clientPort, isRpc); } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java index e78d74bdcd..6cf35aeb94 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java @@ -30,6 +30,9 @@ import static org.thingsboard.server.common.data.ota.OtaPackageType.SOFTWARE; public abstract class AbstractOtaLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { private final String[] resources = new String[]{"3.xml", "5.xml", "9.xml"}; + protected static final String CLIENT_ENDPOINT_WITHOUT_FW_INFO = "WithoutFirmwareInfoDevice"; + protected static final String CLIENT_ENDPOINT_OTA5 = "Ota5_Device"; + protected static final String CLIENT_ENDPOINT_OTA9 = "Ota9_Device"; public AbstractOtaLwM2MIntegrationTest() { setResources(this.resources); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java index 903750663a..95a0a774a2 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java @@ -138,12 +138,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { @Test public void testFirmwareUpdateWithClientWithoutFirmwareOtaInfoFromProfile() throws Exception { - String endpoint = "WithoutFirmwareInfoDevice"; - setEndpoint(endpoint); +// String endpoint = "WithoutFirmwareInfoDevice"; +// setEndpoint(endpoint); createDeviceProfile(transportConfiguration); - NoSecClientCredential credentials = createNoSecClientCredentials(endpoint); + NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_WITHOUT_FW_INFO); final Device device = createDevice(credentials); - createNewClient(SECURITY, COAP_CONFIG, false); + createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_WITHOUT_FW_INFO); Thread.sleep(1000); @@ -165,12 +165,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { @Test public void testFirmwareUpdateByObject5() throws Exception { - String endpoint = "Ota5_Device"; - setEndpoint(endpoint); +// String endpoint = "Ota5_Device"; +// setEndpoint(endpoint); createDeviceProfile(OTA_TRANSPORT_CONFIGURATION); - NoSecClientCredential credentials = createNoSecClientCredentials(endpoint); + NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA5); final Device device = createDevice(credentials); - createNewClient(SECURITY, COAP_CONFIG, false); + createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA5); Thread.sleep(1000); @@ -204,12 +204,12 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { * */ @Test public void testSoftwareUpdateByObject9() throws Exception { - String endpoint = "Ota9_Device"; - setEndpoint(endpoint); +// String endpoint = "Ota9_Device"; +// setEndpoint(endpoint); createDeviceProfile(OTA_TRANSPORT_CONFIGURATION); - NoSecClientCredential credentials = createNoSecClientCredentials(endpoint); + NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA9); final Device device = createDevice(credentials); - createNewClient(SECURITY, COAP_CONFIG, false); + createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_OTA9); Thread.sleep(1000); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java index 95878b74d1..2310fe1659 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java @@ -73,6 +73,7 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg protected String objectIdVer_50 = "/50"; protected String objectIdVer_3303; protected static AtomicInteger endpointSequence = new AtomicInteger(); + protected static String endpointRpcPref = "deviceEndpointRpc"; public AbstractRpcLwM2MIntegrationTest(){ setResources(resources); @@ -80,9 +81,10 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg @Before public void beforeTest() throws Exception { - setEndpoint("deviceEndpointRpc" + endpointSequence.incrementAndGet()); + String endpoint = endpointRpcPref + endpointSequence.incrementAndGet(); +// setEndpoint(endpoint); init(); - createNewClient (SECURITY, COAP_CONFIG, true); + createNewClient (SECURITY, COAP_CONFIG, true, endpoint); expectedObjects = ConcurrentHashMap.newKeySet(); expectedObjectIdVers = ConcurrentHashMap.newKeySet(); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index b0fadf1d23..c10eb46620 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -27,7 +27,6 @@ import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.cert.Certificate; import java.security.cert.X509Certificate; @DaoSqlTest @@ -67,16 +66,22 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M // Client protected LwM2MTestClient client; - protected static final String CLIENT_ENDPOINT_NO_TRUST = "deviceAEndpoint"; - protected static final String CLIENT_ENDPOINT_TRUST = "LwX50900000000"; + protected static final String CLIENT_ENDPOINT_NO_SEC = "LwNoSec00000000"; + protected static final String CLIENT_ENDPOINT_PSK = "LwPsk00000000"; + protected static final String CLIENT_ENDPOINT_RPK = "LwRpk00000000"; + protected static final String CLIENT_ENDPOINT_X509_TRUST = "LwX50900000000"; + protected static final String CLIENT_ENDPOINT_X509_TRUST_NO = "LwX509TrustNo"; protected static final String CLIENT_JKS_FOR_TEST = "lwm2mclient"; protected static final String CLIENT_STORE_PWD = "client_ks_password"; - - protected static final String CLIENT_CERT_ALIAS = "client_alias_00000000"; - - protected final X509Certificate clientX509Cert; // client certificate signed by intermediate, rootCA with a good CN ("host name") - protected final PrivateKey clientPrivateKeyFromCert; // client private key used for X509 and RPK - protected final PublicKey clientPublicKeyFromCert; // client public key used for RPK + protected static final String CLIENT_ALIAS_CERT_TRUST = "client_alias_00000000"; + protected static final String CLIENT_ALIAS_CERT_TRUST_NO = "client_alias_trust_no"; + + protected final X509Certificate clientX509CertTrust; // client certificate signed by intermediate, rootCA with a good CN ("host name") + protected final PrivateKey clientPrivateKeyFromCertTrust; // client private key used for X509 and RPK + protected final PublicKey clientPublicKeyFromCertTrust; // client public key used for RPK + protected final X509Certificate clientX509CertTrustNo; // client certificate signed by intermediate, rootCA with a good CN ("host name") + protected final PrivateKey clientPrivateKeyFromCertTrustNo; // client private key used for X509 and RPK + protected final PublicKey clientPublicKeyFromCertTrustNo; // client public key used for RPK private final String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"}; @@ -87,7 +92,7 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M public AbstractSecurityLwM2MIntegrationTest() { // create client credentials setResources(this.resources); - setEndpoint(CLIENT_ENDPOINT_NO_TRUST); +// setEndpoint(CLIENT_ENDPOINT_NO_TRUST); try { // Get keys PSK this.pskIdentity = "SOME_PSK_ID"; @@ -122,13 +127,14 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M clientKeyStore.load(clientKeyStoreFile, clientKeyStorePwd); } - clientPrivateKeyFromCert = (PrivateKey) clientKeyStore.getKey(CLIENT_CERT_ALIAS, clientKeyStorePwd); - clientX509Cert = (X509Certificate) clientKeyStore.getCertificate(CLIENT_CERT_ALIAS); - clientPublicKeyFromCert = clientX509Cert.getPublicKey(); + clientPrivateKeyFromCertTrust = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST, clientKeyStorePwd); + clientX509CertTrust = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST); + clientPublicKeyFromCertTrust = clientX509CertTrust != null ? clientX509CertTrust.getPublicKey() : null; + + clientPrivateKeyFromCertTrustNo = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST_NO, clientKeyStorePwd); + clientX509CertTrustNo = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST_NO); + clientPublicKeyFromCertTrustNo = clientX509CertTrustNo != null ? clientX509CertTrustNo.getPublicKey() : null; -// clientX509CertWithBadCN = (X509Certificate) clientKeyStore.getCertificate("client_bad_cn"); -// clientX509CertSelfSigned = (X509Certificate) clientKeyStore.getCertificate("client_self_signed"); -// clientX509CertNotTrusted = (X509Certificate) clientKeyStore.getCertificate("client_not_trusted"); } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java index 4daac68f9a..8331b99fff 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java @@ -29,8 +29,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationT @Test public void testConnectAndObserveTelemetry() throws Exception { - NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_TRUST); - super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_TRUST); + NoSecClientCredential clientCredentials = createNoSecClientCredentials(CLIENT_ENDPOINT_NO_SEC); + super.basicTestConnectionObserveTelemetry(SECURITY, clientCredentials, COAP_CONFIG, CLIENT_ENDPOINT_NO_SEC); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index 11b6f3f6e7..d7296fd47c 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -34,13 +34,13 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithPSKAndObserveTelemetry() throws Exception { PSKClientCredential clientCredentials = new PSKClientCredential(); - clientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST); + clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK); clientCredentials.setKey(pskKey); clientCredentials.setIdentity(pskIdentity); Security security = psk(SECURE_URI, SHORT_SERVER_ID, pskIdentity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(pskKey.toCharArray())); - super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); + super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index 1f73a2a739..0066014a9b 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -33,13 +33,13 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes @Test public void testConnectWithRPKAndObserveTelemetry() throws Exception { RPKClientCredential rpkClientCredentials = new RPKClientCredential(); - rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_TRUST); - rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCert.getEncoded()))); + rpkClientCredentials.setEndpoint(CLIENT_ENDPOINT_RPK); + rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded()))); Security security = rpk(SECURE_URI, SHORT_SERVER_ID, - clientPublicKeyFromCert.getEncoded(), - clientPrivateKeyFromCert.getEncoded(), + clientPublicKeyFromCertTrust.getEncoded(), + clientPrivateKeyFromCertTrust.getEncoded(), serverPublicKeyFromCert.getEncoded()); - super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); + super.basicTestConnectionObserveTelemetry(security, rpkClientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_RPK); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java index 6ca430327d..b2ce6c470d 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java @@ -15,6 +15,7 @@ */ package org.thingsboard.server.transport.lwm2m.security.sql; +import org.apache.commons.codec.binary.Base64; import org.eclipse.leshan.client.object.Security; import org.junit.Ignore; import org.junit.Test; @@ -29,18 +30,18 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SHORT_SERVE public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTest { - @Ignore @Test public void testConnectWithCertAndObserveTelemetry() throws Exception { -// X509ClientCredential credentials = new X509ClientCredential(); -// credentials.setEndpoint(CLIENT_ENDPOINT_NO_TRUST); -// credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted)); -// Security security = x509(SECURE_URI, -// SHORT_SERVER_ID, -// clientX509CertNotTrusted.getEncoded(), -// clientPrivateKeyNotTrustedFromCert.getEncoded(), -// serverX509Cert.getEncoded()); -// super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_NO_TRUST); + X509ClientCredential credentials = new X509ClientCredential(); + credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST_NO); +// rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded()))); + credentials.setCert(SslUtil.getCertificateString(clientX509CertTrustNo)); + Security security = x509(SECURE_URI, + SHORT_SERVER_ID, + clientX509CertTrustNo.getEncoded(), + clientPrivateKeyFromCertTrustNo.getEncoded(), + serverX509Cert.getEncoded()); + super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST_NO); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java index 28a10fd278..a51ea98be6 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java @@ -30,13 +30,13 @@ public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegra @Test public void testConnectAndObserveTelemetry() throws Exception { X509ClientCredential credentials = new X509ClientCredential(); - credentials.setEndpoint(CLIENT_ENDPOINT_TRUST); + credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST); Security security = x509(SECURE_URI, SHORT_SERVER_ID, - clientX509Cert.getEncoded(), - clientPrivateKeyFromCert.getEncoded(), + clientX509CertTrust.getEncoded(), + clientPrivateKeyFromCertTrust.getEncoded(), serverX509Cert.getEncoded()); - super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_TRUST); + super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST); } } diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml index d3301bf660..175eda993c 100644 --- a/application/src/test/resources/logback.xml +++ b/application/src/test/resources/logback.xml @@ -10,6 +10,7 @@ + diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks b/application/src/test/resources/lwm2m/credentials/lwm2mclient.jks index 490812c01ab483d3462a09cdd18bc405fa23abe5..ca8c8ed1d77f31bab0711a31eeb63ae952c933ef 100644 GIT binary patch literal 20462 zcmbr@Q;;alwkYbhZQHhO+qP}nwr$(CZFkRh_iWpJ{&Vk*y< z^R6g<+ruL7Dv=RT~Yo{Q>KFbfYCr zLPYiG?f?QJM*spOV1NOG_Y8-7oWb`&^5VkYFEd( zz8^saYzfmK+kCwq)I1+Ax|H4}ujyDbEcLsvKozwqmbDx&gkG_+V(kpPDAW%#jPB4_ zFclg+cY+|X7#apGG_1#Wdn1&Fa zYIc=_6FA|hpDiEhu8UKYiD=Qo8 ze<}XXE7f55=dmFfF>@q27VVlrRsFm8O%Y za@qeKag*^6teqx7o-IyjeGND2fq%qhiV2aG9CmI)xi+U;jyqYyvI`9-XACk)1-|!Y z?UC?|g_hIdG{_a@ba1PI*X0BparAAV&hA25hjLrA&{C9;Spr?gG^;m3jUFIK;;Ri3 zA~}ve|CWMkX1yPtParH;>dG6qOM`&h+0R?`k1;KbZbW!N=+8{_4>R;hKa=r zV(=9SZZ$XpumNTKZ^T*tg*ZDC(|@|FC~PE^QXKfOsMkl2lp>xdzjD6^{5#^1E$*`k z-&M*&xGsj&@!k>th=<#uZCVkA;=WR4U9;j5=8zXh`1!{GWI#rs1%CV z8=7A)*rU!dq+u6%(KVLbx=>gCG!b$X_(0>6i@UW=mbEdss8xK1tFBC9)J`SphBbUU z<5*v*M{r1YgvCmx`xCHFrgSvLp)t3%R|woa&**42>{;T3upj~DVb-8!LiLw_gE>ls zx8eVvxC?+2fa^aw^#5j5I{^ECCC<+I&#odi_+RN29IPNntm&Un9S|VEKTY|6j{yFw z>V<~lbP7GtdzxM7CGYv*0!8qTmCwKP4VqAD%u9RpTq|{_7S%K;V*`T37?LnZG!0r+ zIGX*AjgFSKz@|nkeRHrwlTS%Y^b5m&01k*6u-wKH=4dhh0R3qyI-F<7k@m`!tLYT{ zE1L$g(c#S)TS?vKZgf_HFigSgsft%_Qz0u8FLU@K>}nErdGj#2aek_nPqkcUC6Ybb z?Q*lyvv8qV*H?v=FP`iz7{$tx#6hq#oAKdooD7PHZNrA9GT_XrKuma8;r#p!FHYzz z-|ACL5pdJ{YV??yHIhZ@gBIHe{8v@2s9l~=pL6-)3BBZN0Mx$0qz6aj=^7j#eHFASvO_h$X}9X#8pc4wVLCC`7tl)6i)UC%g* z!_AzPPz5q0H($UP@e3gZxg)xjWnjIhRi);L%eH_5H9oYGX@pD(l^v~xv zC|a{?*n5bTzK#h~>$E;V(xrr~dKusHxv@uc78j_6+WnB{3#I8c4$HoV#cyI8KDBl)4}y7(7{`^F(<6>UlD6Y*)Mec zCEwQ|(=CaPzm_m2jRj)_*$a-H-@*o|f0ZgCTLHccYfBdXY+mJAj>p!q%~O}4R(7Z% zb!Z=4>RR`Z&+oUB%H#a)`fb*|sAGBC+%z>twrO8p$^Ytlq{50PTrIS^<+X5^Y zy6Zvm{|m5~1I*}Dq;DAfQd-D(b>xjBsNg*6L%=1g$8C@^nU8%y`Q1t%F&n_hAie~u z0WSrPNIP%oJXJC$0-Zlx0o=F_D?a3D6GLq4j;0LoJt#A#f_9EDi^J*9jyr$m{zF-x z`KC6n!1t3;|DlG%G^S_J$oFMRh8_KB%d{YwxfvhgoCq-DsD{KrYrbHET2&AwN;nuD z>(V;I&}oa7{{uxWEVLeTW5I_mxXM1jK;}LuKM$9U!r{{tP*(NT%{pFxU^B)Oed+9dujiQ7D^4hcU4; ztI7$Z-*5=wcF+rBiNFW%&5a-w9XePwhrgQ@$-?tZhi-S;+TbwD;Lb+f7at$hc-jug zO-%V6q?f-G2s4oHh+28|$meJCgea@P{%Ct-x*&Aq(*-THfd`ev#Kig5Z}rLdbTcx0 zpO9f$^)O%fc5Wwu_F&}a`gS_!q!0=DH1#rD9sKvQgHfsG0g-8MY(QTqS{ajl9?l7U zaOn->xAda69`%x4D3wbW`D;pZlD(hv0H8einK;Q+dDn`6curtP1Cs1*Mx&I0pdOEy?b@vMjjo)^V zs@P5}Z2pbX*5hC#9gXqD#0Jqz6QGclyZL2=>|7yv|A8_Br=H=j^qO+5QVKs90`*~H zi(r#q3|L!?dt5(GAjR-G_cw*2D{`Bm5x-9pP0UfgGJQgkLF5U9aC*$c`qPG29~3@;?|yQ5*RN2#;z_4z+9cRY z=?P7wA~Jh?p3Z1~SdR#*cIagK2t<_*OA#J>7ew~a{8G@urMh*%OYYuKn;$OUGBfU& zj(o-dhFQ8Rl=W)3)5Em|zZ9A-7)C?R4E7H!JE3=f7Efl_? zG>rxZ>-MZUB$h5R00&&30z=#UuYFd~OAvNF!S^%#_ID##mh3&KsL-(X?=f}--Twv{Xf?XwAaY*8e$J?z05kiZ*(PbviF^^Sp@;$@ok|` z)oen%U`Wr@^*VgwqDUA!Jy@zqK|P-W;1a=_#amFvFZMMkX*o+dq=;MgIln@RjN=z_ zyCptFuSb9A4}5+(v1hlC3Z0C0)Hy1fR`16bNa}aw7_K+Rm4_pbSQ{4OO{?gB($5rP zuz(~8>8EZ6Q=YPOL?PiBngca3Y5Ezw8{nHl_PIqSJ{4f!tJ9KR!9^MLX}Vb6pwp5F zA!A$sG$LN~`a}f)Yz~ag#|~hAaEOD^a54%&Q0O(H^p*7)vR-f8;ban=I&H~(!a#6T z=hxF&n_?(f8lK$i?=tu702;S~+<6Nc9pmH&_JjB{mqGoYRAhYk=O!BJ^Rs&Snc7(4 z#<_Sm3}j{Nu7O}7ym~X5fq>tJo5)R0Od6bIkC5|7YQ~cVJze3)>d$6xvEF_aRL7kM z38L3#tmr)HKsRL=VNssT*r$gs*iOgl71+OlP+s1n`%59ql3*S)<&mIbJNvZ9P$+yK zsIsksZvS|;vWbhQ!kc;lS%u;wsM}!>5YLh+_cuV)T8Q=lqHJ#@DTXWWk(Xnz^1r!d zdZ3WvS{21Pu|}cm_3#kaG+6`qD-N}cqvoJx7FZ3?LG|+0^fsPSW7#q=QeW+)w9b20 z_K9uLw-5`TUg*tjib=_=TMr$tmo@#B-vE1>zOGX%ncmTfh;-P?Y%#U4UAcfBZ9JH`VbN^8@-m5o;7l!GkBJ~s(0#V+S-2uw9 zh8{kmkb%in6OI!PN67dgmfzxR^YDOdOZP$%7h;@(jyC!7Lc z@Oag=%GfK_f@DD!8M$!-_H(mdX^*i3IJ?7+akbBs8#*^_1zdJ*ZEX!H>M|JkZH#T! zBkH5cGLJFo*w$^mg_LoV#!9$`U|B6e@(Kq7Q_#)FiGvD4l2q(5SclpcgVcdlz@01(q9va*ZqwIMbi5~o4{Zsl z>_{gOjW)01YYheN`mp~Edui*!au`L9&A`B}Z54nCkF32l1KczB-yB$+NN)|f#c)}< z`dgTatZ?5oAgbx;r0hl{h}gcWnu$&O(_m!F^G~H?rQzC@soX}2i22MzsAWx7mIY00 znJlA~WEkzWu@4aao~Dy2DTJ1o4H3)4-eoWYy^9#@jBJ^1Pd;1Hlg0n--VzW8?NU_z zhXwdGT~#KU3_ii?+oI7qC^*g)EPrVdt5a^vh2ii}tp2zor0WDM)7nD}?4-2hS!S{- z^!c+fF7Os98hSRO$YhAqgb|_a!%HU2%1W9kJKdtC@?uLcOX1WrM)dx1W@_q z_3}M&nCSWWC4aZ}OF}%{MT7Wv5mNx43`Gzq&fEsj4>_}h=sQ`;T+@b>$VXe=wSo;U zIt0~0tGK9f`4BntK)Ltg&j1J3DiuWZtb*$5tE!__`nmd6yfmEZW)0h6Sc*ovY(&W? zvfow%1k}TyQSn2#=Tc1cel%GCZonjNtFs)&vXQfxp_F;)!Irt(2YMPK^5wLrNeNaS zCXo!+-16UdC5nys!`5DcKD@WOH>2j=CVHcLiE#{Cqe1#@fYE-z7(a%9!iaQ}OazE7 z6Jc_^bi0oPmON9Zp6^3w=tAw1Y2^>PHY~NTXs1ZRzT-9`znqUyx*(lz%Ts`fQu=B%TD7<$OtO!LmC2kt!&a(z#~EZoW*~%=Bb89%WSz=#1iaB+|HpH8}O zau&$cF+7Z3O4PhUt|;S6r=jMut$UBF0~wP1X{v4#my`vGWQ7?j5Z%sP%)L&L29)7F zwq#%>v~j*@NDDGV8UpatRW*h`SL?4lGX(V6OR-%u%O=g<0#C|#s9q5V2%Bfd@iTaf zWL((PBoTK&77=*8Bf#+E^L;q(cK$@DH_jw+JBBubWq~(VgmvSuRSNg|=@v#sMCE;&vkk=V02@hoFk>J4fe2fOG@p z2IuHOxRY6Cprs2(G0NI!xjXGLsz!{u$NM6tqv#fENN2qJci}6^kwx)fVS9SyFQLUI zOkQurr`vk3Xq;afEh!c!H?-c$>gCo%lWF+8(8k(P>68^PnEFynfO>hW!;pP|cgh)W z3yeA6MWwUWg0Ac*4PnnLo$0mkgg@2hSU}9KVAnOSK-ujW{V7zurd-89+K}SnN>wfa zYGcyODhP$XVyifE%YDwNHhnO(8)C_*f|-<(3f?|>5z^xv4|iyjMfvjP4HgFtRH6$o zlS$^H_nEN|B4Cd{K^g0sbp>$NEFAV{*-%;cNJIBvIg`~GEc%OKJDD5~1*}PW-Y^>( z4{L>!pFI1q(tmzN3pH-(i|>skalRWj@aR<9_s7S#yeP+i5XAZxoY0epsK71kj%{s` z1B?#h5M}ebO2{xMjU3_Vi{x-=cA2Txkd)1P`o})=d?l1BiRtgBhJaoX4>4YrH~L8+ z#sj_dn(9o&_yjU^h%>nF8UTqKyg4uaFvrbF!5MYZ#0njPUptiZlS!QpQL$E4PED@7 zg6FJmmyh9OMkc?13^VlC)KwnlfZ}OrzL{htP?3!$=dd|EiOjWv)G9}-zH(eECTpc1 zDRMvjz2zDxA=rG_^5gL zXM?mL;P?t(Q0Qp7&+3Cp!H{d8q&6Z4r=!8rP0{_^_#_i8S0vxWD{k*w3;Juw!2&&c zB$)E!4AlM#Z9D^~wnaw3?X0nnP}@^JVU%=-=Ig1;3y+)&`c^>C1Cl~)PqMt1M){}4 z z8Ycse&LxPB6tj(~84FM=Ymk`uyhaOc1nPhjqtTVUuEPve(TnAH*8{gmfzk(e9|^nC zO&8dv0X@^?xRbtoX#HlQM3P%yl%fT-|Xshij+iQ&3{+cYb}op*0%%%FFVG`WXAnuzfs3vuZVyiwg+qhQ&#YfQmnOev3YR&Fs|`_w zvd6=6<22})n8JA-Pc`K5Xu|ITWkSh0{loqpH9TxHe5Q8#ZkA@M7}rRDd97vcr{(aK(_NO*AuoQXip%VO3*IND{R*i`{< z)R%+f)}YwwP^@Jsa4xv|@u4q5q%|6rsl5{(;mplDe5J}dYhn8@VG>ix_j5M!h~27f zp~PsH79uu#tr|%pj?%+;SmeA&?Y8eB7>_Z$TMI+WpRz@Sk*W}x4H_${CqBv#a zf>W*e-W}7yPptkfa~ov-1>zP|_UoGnmkUKZ6ujCTAd-1Z3pzcPP$`|&2h8Ag@9<+&Z*!iX)(*Q`Mjx{K\hylOan*;kqm$M}?1Cu_<6QnGg~ z@4c)8L2ihDiI_Dg$~_}ZmMSM00R;O!q{(3L%5{QgccZ$WDT;eQUC6u4{&3s}TUiEF zDrF2{xe`cVzW-F7uYXZn+l~UqERv{-?DEDn_AOJW4GR;dMS!L}$fTmxIWln{vk)y+ z7r3UsHv`E%lcDeG``N$e<0`V|w221HENbMn$@*t-x}hA-S^BSkB>p%MCZ%1`h4V>y zblRom4^)+FB)rd4I{2_W-w;z*8VM(Mi;U+eo`lwhf_`Q7A6R^O#x}fk8GQB(sH&A~ zEiKk$tEi`oO?J_Ql}l@bm@y@bmtPIMXoJd7QIb@dyE~*FQpu4&^+c;ATk~q=PIUgf z$od`Pc+{$dx1w5M3<~j0LuP;NZaqx7vPLbh!xl_mI_eam#moFkAu<)8z817p`OP8O zm0QGjeYZFPFc%_2Xz=}4Ct=!*$6wlJqp5;v`;oJepMYT4eWgx%S%>$Z(H*uA?R(^) z|2!Uc`-UoI&wnIeR9UrXBDT1(wi26onmeL_CWaT-o0}qd0-_MxN$ggSZc9T8`T(Mk zqCojr40so%!-p#sU`EO0U$$4Bj0Ci>Ju4wTlogY`ua?b1^DzQ|ujbn6$F2wQugwQ> z7I>#(yEWU<$BJZ)<17J;TknXDXPI)vv=l zbg+&Y{Hf?LwXa^^!R>Vo89r^bhvh|7^jTh#LYvCftw32^Lu&6iY}w3}#K@Z_Ah*Cu zQ9Ihg_~Z1xovZA$=IPp75ufYDyK4>9>E_K_@s}FwcL@!;EvPkhrGE`m8IY0d+fl%y zbLo?H&Y)S_Q2~hQRpq19JHu(NICAxh)^JUVBk>_*Uf=gf0A}ULJ&r1{bc8M(Y+Q ziG+RGIWZKV?moiL4(7|Fd^Hc{O@0nzy`)iQrHJVaIy^ z(h{Jd6>{%A>9KGAxH4D#*T}I$S2lT|+BAtH3&+ZYaPvKLxX&>~{T}FKQ%h;+yfbyaXK8QX^pJ91bu|6drLu%c$u zOxxhk<-wRgzn>1!#}xzy8z`QKnS@kLLgTk!FZyB(0dOn0;6*12*Lqe)E8Os9jPUN` zN~m1)@>U+j8nGmzSiz4CTJr*Vu2J9pxR7 z6Y)vlAH(~I5@1gq)armBGXBpjQg|qX?eTah=7lt7%IRu(<3tYv+^<09I#o_29s-Be z7SEx`*7B(JVX&h!g2_bsIA+rx#IQUw8suw?TD*O~hZ3evi?h;HXs#oy+&>7t1~y%_&;2@!R5S*NyJ7Wl_-`qXeo6rW zQ1?7+v$DdQY4Y|E{4^v6ro9-@M%{e|+>u&k6Ps`fbd-dTLw;KNbr+-DhH&YZz1kKUB(;J(# z1Y-&8uoP+tC-_^I$=l1T6m`G^&{Cq0VV1ZVtyoS5F0xQi75Pedf2H5nFnZzS$Ga7> zf=v^h^i_E3RenJ3U4-_w_9$6m&I)CfUiw8Kf53^J3`WqmZS=0~V3dx$`@}P84z?hc z;>=+wRk53=JtC9pvaMG@T@?)8YC)h09&BS%(}2)qpm@H0#NSR)iX9lV31|(iVqf8d z&|7y+GI34;l?XD%xxUHV(`cjlFrji$xvz-MV7_#onZgQ{gZ!=!AT&*6+0InW_Xq^I zLF#SbdO4{6jyq&+`65s%)o^6yJ-y&^aV1QWaT@if&zxgKKWqNRoguqrEGKqFSHr2g z9&+xva6Hia*BBO$fHtqUWO)%-x-}_1&Zx?Iby@rz^=h9moT7+*UKSE;xz3PG_atBf z&BzGIbkxf&N)58rI7^I{p1Fa1x)QO58KbR4r~;#$o2mOFH8#tz)))-Bv$Km7wQR`l zG5IT2&`8JBNj-}~ZOonS_QgbM;5%i;JeJpyC}q~rVx0-gnq&wIH;8Z+8Om}|DlPGE z7a$$#v+wA((KHqT6lq6yu)Pu^92i+V)mH zZ8n(1jcw3te^J3EtVn{+LrTlqzxU6}12bf)a7KAL^4ZMM@$k%hmuhlG2?p7P9x6yE zV9ylB5GGK2SdA`_cSwAg^wzI(nz@X#6`PJLBUDwg*Xeb2!0|CWV~IjRqY?MTOS)g` z&`-@DA)_?|Uk{Qmp$cHbK=bc9h%%Wqd~g?n0J(4dCdO85Fr>x4${Di^{2 zNn|GQIm!4&H-%AAI134^ee`Bf24z>jkM(kc3t){iu_q^8)d*`1;`PPlcD~xjznFrk zcN%s!77sjUJvGc2Ie!`EOB1X&xqne&j~oK&fe>3o-ajnWv|1zDbd6Iwm0{Gt1RebH zNeSdRxY*GCk*Lv98ES2mJHkb%&wuOV8Z;lth|TatK#Cth6}~(RTibZ5J$#;cVl;ky za4>xU?qrEfmTpl)c(I&xLk#PMd)uC5)+u&maNG@gnO?dYgx+STTHL8aS-Ll*5wW5) z#)9*J_=1?z*PLOCNE2wSwlBY$O|_O^lJcctZ?ysDHGtOs#l)694LSEHAUO3Eu0?n}HHOiy6jhL~aa~$YH16C$iB@OyYGs z&*1K`>)NvGYL+M^@kS1>qW=1+L&a<|k>^mw4QampfZSs?=4&@T(nMjFtk(oO_YtX2 za25VLcxr6r9_Y*(oV=D!7n z%y(Mxi&&Z)*+r_C`s5W_w#uR?n=hU%*vx`5TJki}#r_n6 ze8Ae}i*Hs(Q1D{$ciIW-m?sphWYu+Dg(!VZ?VVRg7Ol#xDK4|>9%SmYhlk%+CbDS# zZj1v?;i&+R`=@fz?>wfvjiz!PXr$t2jCb`?Pi}jkVam5kQfoaNV+Ea@L3Y;`nHq4s zm#1g>7zKcQ57pi&-AFUU3_}@m!|W$7Cod3ai#KMgyg3K+-Akxd_U%J^@M7SQP^oA9 zKJ=3v*Kn2Xv{^IqdMGu*6g=~kI;I{L1zHcw1Op%8`q_x(EB2&0gL;@V1*oJJO)u*MPJXELw$>e&U=!0rO>?MrK?rM>&p*-r?pg25)KgUoi}?0+DDiu z$%r_+`s!WT+*-UiJ`?hBMtQ-&uPJR}h*fG&~u#PG(PnbrQOn&P7GT zKzn;Uy-;$}+e3R`n>=tDz%U34O{+$nV`xDG&_}UdUUmw!8#8v6#STLfXT+tsJ}FNw zBq!32j-Jx?)>7d&O$o-cpgo8leHcMynggwZ20*t*O zo@dP7-J(z`Q)mUYo5%sQ1g_#LR9?=dO0me4+Ns+y3M?9uptc7B zP*Rj1D4=&Gbq2PkgM>NI1G%seJ`=XKQfUHCfMS^e`Bi1Y(090dL6DuOKWYo(mb#LF6vUrB z<)GAroE@S-3A6i-JTMCrqQ46*YF>BgfrY=D4|TV~?h`(bfo&h-caR4dw|%3KW@?}Z zc6#bB^6Sr68!+5R+s;l8%zdjEEIj7-!C5_^Uzmk8o9rI4Tn=Aw=q&^_l*bLt zGe7{})J&?Y)g^I>0N*gi`}uQjd15xx?MtqSEktxC1BX~OUZ;wVI1Lh;QcF!YNi|Rb zuR4$PyvZ=tt`jca@u_gmLL4V@WZabYnyP8Cjz1qIVKoZpEd!!MOu(U7KR^gW@v`o~ zX)k!CZAv*o{`Cv9ibcIpu}eax2rBGjO6$TH@=gNg@|1jlvDE_qPMwvjALX%<2{k-I z;S!31x^C;Pftn5`O$)UoM>_pH7X-x)7Zv2uxJ{+z3@a~DY0F(^YRWV5He^2X;`a@@ z_r9z0jYB#vdXM}(u9M;yJoiRfO~m{uZ2JT2<9ta35Mid^Q~8xTfDAkT?=-(46as{! zHH#5R`1gpIUYn)`PW3!d)jW>Z zkel1#j5Y7jy4;DNAnHOfHq4P9hI&{C_{Aj@eE?k^p5x!%X_O>i{SRJ`xJ|sh@NNf` zHC-TK*r1BkhKzQ;)wRRjO-qoKzJ*2hI4zimNETO255P6Ikxd9mzSR$`KL5RTFr!?` zA_D1BECr?*WE5?Z5%!X6Y~PAJT2w*7*&Upki~8w8@IThLvZbz1l!Q%$vqD+MP5t)i zw8HHcVVd!5Jk(Og>CT%JhUj2e=_jgqQFH)$V7w<;FAqrKf?uW8JbgQCh?gE_`fQ$f zh#%fix>(+*HPv4;GmO5J3f#-7qkws=Db_5>T zQxTEvhZA|LSyvdEAx}4a3X9Z?AS+?f3Xh%~+J$6@(CDT*UtN3t7JpHa`l3$5aBP9= zZgN)xJlhetpXh>6_DMTjayj5)2NWWYg6kE2%60cHuZ8V|uOOE|G*sW~jQ_qM%YiFG z0%?BTDNwBWz_?koE6IWq*Hg3aYqG*x2US}?l37*72!uy)FxdRc%ck)zYd?2LO|l%P zZIC>0pC|})s&RYGIvNH{qR9?{*A$wJdJJ0mM9I;Wo(G=t+yy~d_MkkiXtkF+xKT7D zO{*o$NEO=`H;rNtnw**pqF_EmUNHmi8=26x;fX7jHz8C425xG2BY+>>%Bh@y-q-D8>w-dVZS7*zOxibYS` zEl!UShaxF1xB3lF%)C@m)8y9?OP}dpu%>2CuoNpcjhGq6LqPXWnQu|2kJdGAazia- zKU|C0r>+aGDW@E=&CulGhb@LAb&awoBU`W3JvwC(0sgM$@BT9K^^5LfG@mr zEMVV%cFIi*4*p83hhD0|n#5F)%sXGTUV`PTL}h>M?)4ea>aOju+BuCm961wlkgpom zjE2FEnbmC|!pk4Jij8=~LoifSh_D8Yh<3C)2jLp-^CK;Ly6(!K9*|9{I`Ub#^FdKI zI_GTZ>G5C+$T#xkwC!Yyy6{PN*ImBp;K<8&QG9qOT0F_**Oz#`3nYy#TS1@wrS9f# zuqUtxzz*s#=SV*hGK~8XD6!xkvRc2Yfxb0mzjX6XSQsCEkVz1}?;D@8&Cza!b7nCj>pK#Hm zax>v?#bC+fzGs*Z9VghC_!v%8g>gSxz9W0E^24z^ZZF#ml|xpvJ1Fv%+a~1|sw{iL zND-yd9iCPDZrFEM+ms^q!%EdV8(8fkv*HCOBrh)>?@2F-CpER5dVp6wc)g#bE$L3; zy8F?D;krXs!ZVd0FkPUXj)MdXkC>;neT+)>cYh{g1IQZ~?Ub~~FSQp=2k|*%#PT8Y z6EZiEiC)vfj{^Rkg^M^`toFx)pW+RSq##cCd#rZvu=u^~T%YOG|E!eC==lpzH3l~m z<->zQ5KW4YX%+q_?tJ(On*ZF(0o7=I6#1iP0P-unotfZoP-4ve7mZ8Fg>o+S$me6< z^5x$9R$?)Ae&4l6HzbdAP}Fn+uQSFJ+N|q&2N#p=&)TP6$qMCdPQ&pldINmuIS`6895e3&;a(Ph$DE~gXjsO>HZqm8Lbic+&@3&9^~BmQ!AjYu$d*EvdzmJ zyGBS!Qp2-;s3OHCD1@>m24x4z$1KFGoEq1?u2>?_{Ae|Cbs>BRiT*i!#u$LAukj8? z6?+N!A39Cbe~7u=5;X~_Lzf_H$h?HStJ>2mU=k|`-1PEVz6Tm{V|$(Qu0Q%4vRdPE zHYSNP>LdARS_w&&woR)*ajvd19-tH(Js2D*QtI$@)=QZJ5b>DYQ<2Z`*ES>)#ZX}j z*il6em$c;AUTYj1;gTv_MX~`VuoSJb*Q<*vcOsr`Qrqah*2^r87u2LG7g=Fe67Fq~ z?jqik>A3UF#qCr$!4B2AiX#V~fiIsDm~x1?*&BI5vp7$fi@8{X@?M+udp zL@J^sH-7fmUIgZju)H0QZI>g<#fmg!t5h#0I9+kb8Cy~q-#!sQIGS7JO2O2xsfL{LNlei7H4K?YL~Qs{KHUV0h)&-0xGG9qv~l^z~!?9%A5!IM7D@6_^e z!9@XFOF@^Xl27X7z@ye^(C&s1`bs;X&VtIOgHRt7TB@g6imLG z)P~d#bG`1}Ztd^X{?!*#+~=hYL$NiNGf|LhacpZHS^F<&EF!+gVB zZaU*wf!iJg5KChVD$nTxs~q0k4<{{gm70D)K$jxd$kz$-yTju0;O{hyjEL z!!MIi1!cAi1ZLQ7KGbJWPlqv@PO_XFgeMVq+9L%QWaidpe0`5GrodQM9hcr9 z7(n!ePr9b($(rc0>kZm(b}mP*-1uA}XkYOiyu`5m>6ka?zPayG4tGuA$1qOx4r^X$_Ljvr zL-}pbp*mezfC%a^D_;*+-l-WG!-OiaT{v&gWpv{fGTW6RO8P%$l^DJzwONmOAYmGO zJtAz*YplpLkZlGESU7``jmdMbA$Fl#q}=!bRo{n8GR!@TkK3L2{j*S&o_3{Cz(Py{dVzjZ81GxIko zc_6J;MzwV@($MTIWT(mFTDL+zH`9s%WQSLH;Swlm==x^vQ8P@~Kg{cd-2_wU-SWl* z<(ve8w#&>7;fuIY6$>-7fiEdVWl?q)VHq^rhXqK4Ul|}SSy4Igpd`OCg+O56=bTdn zsBkfBhi^-F8QYeh*A}WU(1u(@v8Bf)>i|CjLm9?#z>|kYIOH2bqu_D%=LzAK5@M#x za{X@}RUbHvlKpC{5A)&c#`CTa{XL6#tUHY}xL+t_C+@shf@U4?K^;V_LDjuq<%5(H z3@x47<;;o*h3){%*RGtkK5GG@lfgwof?yW zYx^j5(-PKzhl#@katK|A{LrFBcovNjwKv8F;G`eBqUOHU6Hrd^4YcyF+eG=XQKgZ^ zWj<6^fBqhze@9mMPC&zscdIt-cXwFw z#kMzYG~v$+yGLJ2^IhWZ*+^6+)Arn(5+nj~)t} zv46>nF>KP}%lDoE@d+S5$~X7LQEk~wU} z8xRCVOWc7@N+oMi-l-%sTHP36`~W|OpL@cG z!|)E@?MD`Os(WOMt2sUz^@JlMkpQMGh+b*805@nT<~^S%Wr#ysdeAGo%}y-4UgCF2 zDc{u~-+&3YSOO^k*rLwIiy7Re0aZqjx`}Ak>yd_}YpS>LDDy4}b4!Uw>V+((7J;vk z#fo1yC6GV=MM4ASl4lC3uMIm~DAbRQ<+XKU<40doIGCRFVc z347rKduxiw3Ms7?5QmT=k|l8yI|{x!luib7&!g5HxJy8~{>(fgV2+Ndm>fMDB%nQf zN;vZXJT6cbyRrSMQ7tD@5i}DK!qGK+(fA{FhCCWn+=><_QW70H?ZZco6y2>-$eMPC zn?6d~eJts3X^yAY55Xx~H4m2o+n zmI$fg?&JIB!K23*XL!sz#nScB!Q#tuVjO`Vc^NW$S9>&*`)9Ezp1V|4?)6_GiA+t}ZYFxk> zGMsr^URa*Fg#rB?_VMBd{8HClk>J`8M*|Nv-l}mH9BW{9Z=_i2`cx^ft6b@X78O|b z$H7-n3YC{lDeB3<1BjV8PUQzCZ{sxXS23Y}^gfvvkgAg&&ewwu(98Th2Je-N>>0xI zgcD;v5*?|n+TCk3Y~_IPUUOD|cI8QJGTUe-&+PalN+7c> z>L^c0(W=eMbguz|EG}f7%wGpSfMQGRe3lB!d^aQinS=b68(kT!4Z5&1 zbys`%>rK;V{#Ul4dgh+zz=68>ScKF^iV2|Net~(G3U)!fdALq-4FJ8%I*LWby7eCg zPoEn@;uS%zEU;VnbQ)e3CxNHn6;hpaZj^oTu~o1Zb#5)jy00A)wSnDw84mbL^yh=^ zeG`%;1eOWM-|b*55-YXN2A!=Uf+VoEgvfSd?fT_2U0&effWaYiWnUB+m z%qn-GddA5Gmux$db{!0PgrT%#BOrZe=x~~kGKps*AP$wpUK)5@KmtS`KZ_1q`v%SI z$z*@Rf!x?5+!nZsxfY@TEVZ_|FUHD6Dc@JLc+M9Cj-m5ABajU-?!|o+hJ2eTfkqVJ zM`B*!S`-DoAtUoeXq-_7u>z(R9-RT#V+0!w`8pD!&>$_&#t@2cV9x{Ld@fwbmk*&M zAVlHLPl91F!?a|1I{P42ZA+3UIec7+hb=LA8`$GjY{$-wlq&Kl%rYWZ=@#OF`G7I1 zo`RV-2F$xNmov;?T{IvFc$J$4EbcovTjj5ZVq7+x1Ny_jUU{z>7$K@R2uhQP zkTK-D{}a3mL-gBU#CQJJ?s}c-YYOcf+AA!@j;;Y(qmi7|S&r6Q;lPSe$xuZJdd0ex zg1HCCuEb*vU~&l+F+pk7<*IGTbV@X>z0W~lTPU9iJv8(DOfzsjzfI%{a<$C8DQ3#r z!8!`wO{Qm%GAzuGhy8=Z$HKtMh0b8{axE$we4Ss8MDISN1)}FJ{?VDi%^aE6UQ=On zeK4Nb)`3x=tc3DhU7AZ5#N6u0Bei?zDcuTWflhKTgGkbVaAqFR)p)5ap^5B~6GxPN zhE%cG@8vaH!M`^TMU0W7q>_-o5|a|LwcGw_r4$1g|G8T7ALu<2M3atf$+^3WOM zs%!1j-40?C3V9UR$r+tywaO^;Ua;XgVm9o_R{r)uPH0V3|1gNr*d5_0GMo)}9VE{< zQNr#3psk?z(}f)z<4WAXWhbSJouDdcY9H^s&$8Y)KLN%-FcL2An&Qg1#qpU~Aps$k zSfb9z!*4U8;!A~eFq9mP9@Ng|{A9?;Ym+k5rHg0M7oODhht=1OJXf2z(#LhNCUD+$3!*S$bW3VY%O+?C9M+jp z3uwYSt2z9FRpPkDYdLpkci}suevG!f7`Y7X)G@Cw{-*bzvu-x7-{RQD)ruq=W z{jTNjy)jXN;d^H(4oJ|z;V!(A8;@O_{P(KKzUQdfI?&f0*68XY9GMVuJUn1Iz!`(l zHL{TlT*aHqvQ<&g0%|mit3Pc545k{a91O@C*atH{w6AmY9y|-RLNu6<*gbNF2BeBs zzCLp*8Ntnn(k}_lj8h9`>Cxk_w2G#DQxU!@Z`{?HRF#)9x~0b`_%FZdiYHmUQ+Huh zD+I*qgj{QNapz!tjYLi7BN#|>KJvZe*ke**=jeI+SHgq%ZiKDi?kAVNf~?vgZqN2;s(@_Y8;&{$ zFSC-tp`s-9dQ>ZEJYJBm{GqkMeyg28f=W$#Geqm`^OGeY3k1Q4ZlvGXhkDuejHNNA zC&UZq;J64ESnUt8R!EQCYi6Xgykf1QbYh=;F`P zfucvLv&|8IS8DR3h@_@U=m0)c+c_Bo=Rz^n@Uhv=v{295^D7IbO=&Rx02>)6i0)8p zgRvxP2#%@n?Khe7X3O;(Yf5Q9Qj01UcP`mssj~3yc=rGQBR6s3R%}RecVQpb4`_#V z$*bnZmX)N4k^+oM9K>6eMPq7AcHqdTN!;F1t(3$H{S~2_Zz1i6QafM++)$91;t-?g zQxBGS3lt*0B;!o3)n=7c^}s~-$PY}%YfOf$-}RMIhC+9D$d0_L=+LuZA($xbER@Y+ ziz=sqx*C(2Zb^8U_ZXEow}+7+KRSR@6B4cv8kmYp!L1Z-Bm4ukes(icu3hz263lcN z2NUK3n}3b+_dkK%-;okFRkg%*Nn$J48$BNplQKxu683(QYPO0LqnOeUJkRA@bTU(> z3(&`i_BbikI=*3i^@@-fI5^*O8sz zsNE|k@iqa7O#qnVgZ(}Ofg%X~y9igK`|+JT`x208c~%6V-Qw)oLdiU~<>NIq>*3au zKg5;70$K$x7q2}ZGHjRLd+88?Zc|$~qnm9U+3@AXq5=rnjrMNZ1*2g`24N7!UDd45z~**kcFX z$_mTTf`qZ|lnJ`(RI;f`-7q)%Yg@U&E7O0sgTyLu6jLeL3aX*gM`ryso=du;zM{b} zQ^`)sIYH?kkS*_1ii#4c#rG5L+-t% z*C$CnSqAkB#^eP01O%Uq-DlH(2!>KVop1L;_>6ya!a{(;&bK_iWQ_kBsESz8&++4LS5GK34w*E^TMvHx4WSlMM<>`+1Z5B{{oY0!3 z()I?ga>RB2H|*A)jOGZaI(qp0wLr`GQvTFzz7TCukd+-(%2spiR0EnupJvzle+wPj z5YTIA>D-1zSABH)oz=k`2}eU`Eu{TVtZsG+>4O89C|eb<{n||6f+30iJtkRUu1j&` z(oY6-=67(z)J0Z(u0=5xZCB4!Cd0s1zl;HP_J6w44fx~(4*UH+;<&Skk@Mn!-Cq*O zR&Jb;$Sq7&s);W1BH4YipUVb>D(>?Vh23-0=cfrO0l}}du6O{)epvEBZ>awTvMP;E z8!XWmRpamc#7iYU6|ZAKt(2dQ0jd(4Pm_=FVoZO4?DF=5JY>|}1S<1-zhqTHOYduo zfm$AD7b`+KPWkXP4TT7eC>dM{B)LDDMSZtvRcF{=03mh7tv&a}6ZLlr*Xpz}Kz-I0 zXt}P91y0f=Xih9DG;IdAcwO*w5Y#La$|95P`Ky(Gc%8ZL0lkZe|E!)!Ok`(BSn6~{ z_`KG!~ zq7GTrol(R*mvZqP%)~rdBil8!@$1wl*}r_2W7-HG~i!Y3#x!OaAs$OtOX9q2UwoMOLI+ zkKoeh^rsRp*Kj4}ue*cBS1|{ZSe2KKb>g6AhPXGimuCm+r45rh))g4T5()-zly~=m zocg(6AVR#~;eu{n!!%*(hfxkpl6dm@<_UcmADpr?#SzxySV+;Ag~Q)D#bNn(0At}c zUy-b%9oa^Wtef8*0E-6>B3Q);=g;up0DLlAz^hV50xr#S7~`ZV(=EKF5^Zk7N!sua z;@*m?;Em4+Ah|keG$oAL9UdFx2`V7q5fqrOI$sMIzO+%%%skWi>M{3xbdNSXdpPmH zc-*aBz@xwbZt?t(0KbF~@&oZ&sai!ZLyQej4F@KB!&SqQIA#a5 zuIYNCcNujy>6lcRqEf8xTcDnH^Llf8;3}PKz2fP6jejkJhAAItG^WVIqV!=-QheZN zU-=eV=^VtuZ@J2&Dab-OYXX|D(ABCT>zb9H)6v*Xkqcz2w>3Oy>gA158{O9P6R)uy zXz9Bb612*3Y;s1k#unsYTl)Y?t5_a|Ne&!Nacr+lO6}9@V4L91akpcq&hM+@a BIWPbK literal 17660 zcmbr_Q;aapx+vhWJ@bui+qP|+-`KWo+qP}nwr%VDIp<{W?5nl1cKV{a-s-BPp6*nq z-%im72)_XV0@DWw*MmV)hKPr}!UBQ=<^>2BfCLEV{1eWg4**yAA5GwbAOYaK|AaZ| z0|0Hnp#Og_7$`uXJpUhh|4(|;|GFL&mR^IN{lBX)^i&`yP`UBT(;ha*><Z#*DKPyl)yFi8CnaX=Gb5I{;01aQ{~^Lf*n;^*nhoTywq zGZ6o{KWuMA1xauf8CQ$NmRxK4wU)qN#p+}Y0z||rxMfcO?tD`%fhTAKHz-MkQM@ot z{ST*=Go@iZr&K0oc@0v^aTIi^$!CI2$HgewFy20D>DN# zD?JAz13fdxe<;phZw1$`R?_|=tj_&vt(@~IDKpk*Wye%IEA(ssxY#=8Nskfj2D*8E(53WAp0 zcQ0=_t0tjQ^$~9PaGG`u~kM&~X@{ZApwN+_f5fT0`$5>QBov}a>&r}>uotbGY{QrN zWr--T)G4_!rEubWxomU-z}OdXe@TC%{wSC}pnxMBsf<4%(czYes9NN+igaOL2QnEN z!A{?mmWEqjGvi79USqJ9wnmswP&An!Y)GqF#+&Z0&d$p}6-aEbPrlzj&k5=nt|8a` z#d?vd7z51O#8~i5=B|gAvZ(ssh%@~QaVBOK`v345H{gblldv8hyn2b;XNp5;p%F8K-j(U2HB&T z5#PDU=R0>42<~;F&{0E@iGM`WBfpt9`O6XHq7cLU^h=2?Q4z2t^OhL;Hz2d^!6|qe z^Jr!+4%jY1HspUJ&ipULnHgD`=>vEK{%f%Z2g?iKVf-gV3j_%8PeJzIEr9>(T{`)i zX>#=xf({&nw&UZV;gmcrPVw*D10v#Oc0#l(*~2e0f_lE89KQhWx-;_D3SVbCDSVJX za>GOf^OJ_n4UbmmWj=cXklPq+sls!q_#hg2oX921O)CKu*F(1AwNrS&)5H*w4vVYr zh{w|ljynorf~$~O^m{gV%whCmBi11mTOqJ$ekU@JIn5gRW6USw_=c%j*q4d$(#z-w zR$Wa!_aR)V5!<-iD@kNIc94ukA@@NB~9 zv=BMnn=5bKh3A#0eAfmrz^J7NA>aJ0ff`P`<5$hwL%X9^VZn3U^jL?><`X#f2 zzp!&}Ngu}Ovjle&tL{Om;V)`Qv@Q2R0c0#It$~MXnzPpW3ZqvLOD}|)2;Fld?B&5y z*Vt^GkV*AIF7u~Q_z}3$N`wjF>qB`q-)jmOS~tc{08<>Sn`o$s1Q={0;N4bA*O5@A zwo$pYw$6{26~S%?;d|qJFahyTu9ZE5q5R94YVctdLew4VfNta(gMZFa2kA>-}iuaCUzfWo%^sL$GG&xQc79Pq8t3DGJ(oRiNrw~ zyaYPDJh^RiI#Kc;&|ohNh99#;YY|6jI}=_EwSd+&=}%d?nS76e)pI>t52<^NtFsLGj8!t`5{1~+aw!%Y zs_&m$Wfoq{bQWI3Bc%)|tp3E$y95qg5*pa??!|=VLy?f-#S(0cLn9T_QsBn{)aJp5 z7w`qy0>tq3$IRiL01dHKBH!34=_M66JYWS#IW`t@h4zxV!K*#eX6e;?@?J^voyG>h zngMrJ%4b{PG_`&yuMBhJrL+%9X{-r|$Pw`}qntpr!NCdi>4A{4q)))O^aM^V7M;H; zg!+5Kab;r5#usI zGHB`nji`@evG`0PF*m&Fd&)==U; zs9UG%f(|WhNVrWd7`N#|&*(PEgLrlCSB`-Y0(?UQRaQ>4ocC3y$y{u9WX|M0usnfv z|H^>^eIq28j~Yd*&?U_)jHC$als0b|CJ=-B$#9dLOAJqhOt8` ziU7Et5dd;`t?{V3_C%&Uj ze3W?MyF(SI*%D+yG<8L~QSKF1jqFXLjZ;npHQ*s9^EEQ=BvvRV&>RH+Ru`?D>ihte z*~e)9kdc>H(M_J7}Ub+P(fUUaq1&j&L(Sr|p!_!&5k|vvdXxBE#fZzv8 z^KGaW?n1JM(`Jwfu79aXSWbi~gB$Xre9qxuo&FiI_Ct84$TEAtT45)U@zjPrl-`#b zD#=;vAM(}wCog37sENyMB%i91ea?Fqm`Vv0x>+~?Kb9EIC=E6u@HP@YpwBs&uwezF zbONQjM`H!5iI5DS4uK6&!rskUM;i)~wsY!go%Rs zc*+lsK1|-0H0X>}IuZ)9YqwA7S!=m&q_uyJFKe_KJ1PM^nxS8T_k3J@R71=CgeU?XE<{Ou=*5{6X{+PY_&zh&STzsgh~ zT}s4V?PJs@%RUfV`yKen2)4nk$$gZ)xQKSx-kwRDE_Bm`&Ysfgq>Pq4*=g`*hO(qM zA`)MOk8bH~XL)n99ANI!mZM6c*L>y=#S?1nknpt09Fn}qe|4>7?hyzYv4-jGc@YXT zsc-=6B}<-Nz_(LwL-oXE!+PhsPLUVXP~O*&$VT7ssS)^%yK0uh5{neT%3V4woOvJM z_xyzTaU-l}H{_SOW)<{Ys#tKfU!1{uY?43$M`C25Fw8XMldZ}rB&E!YeOON2bndEd z$@zcy?DP`>^%s4g1a}E-czPU+TA8$|_KQVA0mZ_V&9;Fu7=-n*|U_ zELkybz)erfIf0fq_YU%K3od_vYd55XBMQ0SfGR9+;k8|kR*l7SlE~&%b78};Q>DrFa_9V%Up&yPnL7lP3? zjaoJ?o)i-J?o(?r>4h`D5RX{ndQZ3t$T)DZ zM;+%XoKGSwKzF>ALW-j~VkEg(2@yKR0qp8I`{;eU}t+(DleenF>jB#n@fYi5qG>q7p`h1JY}v=Xzci z_?Kkd9qYlTxxE!`UA~D=6lt;PS;+>x;JOtD5M605+#HtEydR7(7h*C$Ac*jrZ|Qll zDpY)fNs-JYT~?IL393HAW&X}73H;ZaOmZEto>SRRb$x!KNSs&@FqaX(6}S?x8y<(2 z)a91Zmk6m*ef>p=a)9+!Y;Cwa5T|x#wQBcz_D0_5s}K?q3RuVLHg;&?1wzY~t%YhE zPBR#1Yye+KqASFu>UWR_Tgd_sT=Aq|4J$Q1JG`!m&UM6X?ECRi)s)<0=G)DfHuVSm zj@36rqJ-#i>XHfNGC!9z7L(T)<(6%9Gb>RzHSJQG3z;jQRFqQ@Ea!r}Kg;0ig^>=P zN8a=Nw7^cGz#jA)Uji?67m~>Pw#d0VQPh?uGfgg@c|(=@hyRRv7!OPwGt@3Sj7jRa zcm==|wK&UlfXFa^dQ+G>+9eKZe8^8gP@*I3$hYnOeM2AwxcR3}`OHeAP*j82B9^~6 z8a?GP5c{D9EUcWf=EAPiUTCvkZUIVhK4U2e%byrnPuh?tvBP2yBQ3UwjdqPor;V=i z2#yax?~eDd9%$0E^>K(qvBYo2e&S!XOkMqEvQ)@EpQfcqhS1BpGAsKb2i&uH?&7BL z+G6SVZmg@2jYuIgg!n0IhB7O|fwWM$7MDkKB`xESb{%x%3#b5ajtZm`-Z8M21zs+l zUyQ(paD;}DnRCa7Skg0qbN<=jb8xU9){C*UTyd6$WOF7$l$Zjg2eyk~w$4|@uv z(06oCI%4EK9QN|Q;ms*|v>IDdK30&Sc5~<85g8C(N*M#DwjMs&BKhmY?O=p!X(8;D z%-|cTalBFdOh7JgV|xA!YE(D^K*MU=hH0PzC%>?&_TNgLD}t*!M3#|fnH!5t;YwpT z&n~I-J0FJw`wHCIb)~3&-n}#n0g#pITXE$`6(WA|ogAojW$z?F{uc6G$XSFw!*zDk z2vHLE$f2a)SuRX5Cf~q1is#b!IG+}_lq-K)n)ZNBWy&;p^#<+(}v$@Cd zu8BA;!(3S*%AV4GZD^$RN&E7{1Ot;rrl1#v#tBb*gyJ%&kPE5;$i)&45yl*J{{#Ta z78eF?f)fz#?z>tFt^|30DAky$8JcyJ?F_)--;?1Q$Xi*~KISgW4@-F*hG#|Wb%Nc! z-U`eFyzW`&P*#uJ(BL`PNl(Jjh+mM5s@O-}hg}$POCRzbc-JQ2r-&rQUf=1EZ|}{$ zu?d*g0*GAi=a%bPWkepdNCq12@`ES`lB(){LieKYC_EaPcGfx-9o?!Su4=W@P~l1Z zA=ZFy+3@y-beSO4QpEUzrG>S?F`teipAdkA_&&%u_SlvojDUcw7c(NKcma2TjEe z6xW6*D?v|2(v^i0RC+#io6|*I$r-T}$^C;XMFR*L*)sI&mS1DPzwy4ALu*5efUDDZ z17(a7_ziPcH(Rj(8MBnEf3I#erN{JJxue}dc<3np;o#wlf#WA`vgCpIIz1t(l=vy?m8k59+sn*7 zZVDbUitt)aAsgpU2x#BHQr_6-fF&3fwWo~yTf+(naegx5bOGe?cPJFVKa;R#0vsG$ zjA#O0k2fOqm#8&nd!Y`Eai50paVm0d+#P(CJr739-)9L^37SqifMm#jcN>Cx)FH zJzEJZRpS^@rj0Jm6QeW83?yVB@5NxiNB2y&E)WZ$QK2C zIwr`2H3>zb*KGk7DveFe3r}KxL5I7{3`|AJu;l%EsdUq*>!G25ZI!}I^|1u;SkVpXL50Yt&*vD zFIgEzY#n7;=AR9oUYB6-74d0s8apJPipB#*HK5@BsLMGkW<$PmX#_rc&_=z+i(o>N zs74=kaRom1=N8)m<{?qD95q5G&7~LUQ&M8fT1FzmXk|VUS5<)L3sC^OpJ#7z!3hTC zI+7%^3MWHux)LuLPe5E3N?Ig*LSUP+D|oP8!O5y~9EL*wqQt*mX)McCD+hM)%mSY) z=;2eK@Q>BYN_9(hSHenVjKvu;fXYlXZ;YtSW)WFZt_9LF)e~D$_nn%LK~!| z0Up}nI{wCLB)q6#QL!_G^jNu#TAP%7Db}~qUD*%^pX8;ImM^ARM0l-XFlM+>08o`2 zL+4PO@tlzGu0m>hTra8f^kTK3dkjA_dXx=RsdDKT*(AJ}(xr~T=kQYe3Pe;@#06nN z?wFOZh#Z_CZf4$5;&uJWJt%JLYD>TFGLEvwL5DD!av>oadELw)q(Xpj3Aoq^kU91H{`_g1Xh;c!a&_( zKzb{*!qwC!dI9j$gvTM#E49CEJRx}lYoV`Ir+Ny>P!{CDo8O@@Vj`^*p#j338|DJM zIL3saO71*c2^bk==|B}M2b3ws0}5WAm703enN%rZxqlj8KL3%vD5%3A;0uImw z-Vh0K2wM?$KE$FyxRQD9!>BCa^xFRT1FjqA{dVe*k1L{BQ|ihoiwuZOdHa!IMgLW{ z`;vk-SP|^Q{TB42^i`O%rMFh`as9ioTFX$^}y&?89OZ_aI zsjMA2AH$*0w-EjGtDjfrJ+>u!!9c(@OL|*aOthu@1TC`aWOojHhJ!a3&TZI9>rz$p z_$n3cbIh9|xZ{CccgSkd*FQ17nu(!&uxz(qIug-D!cm@4zwU@Tpv2P!)TJI@U$UJpGikGW@iVBoNO?Up zZ)58S2+{MBak|N82zL9kp3A&q<#u|>mgr`LN~Lp>r)$%Bj?O%rmZs@oQ`|wQG)v2Y ztjDmD)GfPMt%-T$_+e5$g<4}!UQzW9r8U~L_Dv&5eBhdG6*N0K|)2` z?*Z-U)aw~#XbZ zDvT+6YrO!5elN`5S}F>tKBv4o&aWE?&XkcP@$h^XXjY-3JXO|2tRHNfAndZX9UvsA z3}|MT(h)ZIlg5!y#KQI_Rf1(Dm5@^#m)K2Y^4a)g_#N+aaRRQ-Be z#3A6SW&C98AF=s$q!8I%!+6A1{O=)B&%1#oSib_ETy7fB{yg3zRS--C380Uc0MD?S&mTWm zTsEj-u+xZD+3x2b84r-HzEf_+H4-*RWr(E#+Xp?I9c8|SiJ)gm6r4vCm_t@(yemTUJTF3wRGi3FM#hK>+Rx{u`F|v@P3D-?-gw85+ z;8}a8q4j9!m2bD!WWq>AmnqUn+SPL=?m%`z;T%vJyBefv?Ve6g+pUu2)8$ChwWbUPnQerRlmVOw$sy%J$o3flCC4 z`_eLkJ23Far+;uf^sj&o^|ymaDiUG1osPV5pda{gl2x0j@C|}ChQO1az%Z|DLW(ZRI z7#K76QM9;Kq)y;4A%8pFjBC#Mu7tX9Jff}LCti`cs$>@_g^R^uo-6$(Q5VijdMKDE z!79q-%Pr|S(XmznEH#Qbkq^Lpy_a15*t>*uckt(sRrU;aX`-SdW-Wtru}m9DB5kCI z`^qWW?-apfVX!8XIpSdLdY7*90PDA)&%gT($(D$jF2kS4dobmo5c&m3ip%^!f4@;B zd=A_q1EOi#yd(3R+-;X?agy|g(rFKv^w`H&SaOFqj6?4#bTE_ zA5vvcsm65R$kD5=!D=ZwVPdM6t5Lr>82mhG*(T$$Qg;G_k&FjM>t6kC#9eH!Wse|# z$bW$`F|!{}qvJKlfq!=AtK-!8Ffh&!|4cTD;|OKx36wX7;kZ7z8rSg@X^d|dMydHc z+Yv_~Lj*q;E1R74&g!F=;*#CmSa&*Iur{&ck=rYf);RXBW;w96$z2u7Z*Gl53&@Ey zv%c5iL4mi=pl9|sI#UD?Eg#KIJDenwYcwcS7kz6$adaL=IK5+KwIaIdVXZ;>&_QE+ z-Zr>sBScUUUbZn_Kucwad}>q6t!wz`N^ruUYp4^c^Qn(Vwb@mV#Sm78!&}XFRhz$> zLdFQm`mhkH8<}Ujx|a5bQ)IIYZSCYpkolB_o8csC`^3{~UTUOPPu^L2@WEQGlgCuq z=VL3`DM151Oo5eCvK4sB2+O zw5yrkq>(ioXC75%s-H##LB{Aj1(ve&0s2%PMaC-0rIadKFM4a7RFuu062ere;;e2v z(!EQiWkM8r9mc+KbJGHZ+vw4l>{(d&sKS(Ht-EF<3;5Pn;nZ}QT+if2;9uTE3qdYZ zS6@_iEOF^*6+%ZRc6hx=f02WXc3L2uh?9XnfqPQo%sR9RJNKf2Hm$02IGDa8cR@04 zNs(vN@2ucwaY=2GjgFsv@93g}cOPS23N5Ukrv2iG9@GX+8f#T&xv>_ zZsw{`TPk|=Pm;0b&eZOUFD}Q^@A?Vm3w`*~G?GRMR)w+9qTd##FPM64)M2SCC;e(pO2_-ZL zWX^joes!2a>ifqwq|pFH0Jf{;5o&xO3kZv<1z?Nnpp!3{xC~x?agRQ}#;-Lv4=A#;*g&F& zD8@VQF0)%{69ahW^tK=ogR|?VMH0G~o9rRVJdeCt`^_53a?>LzW_p@cFuB*m?9}kC zTTZ4Ydjv5cg~_Y}BVDGFF{P27EDLIFH`j_e!LPaezI7>TW|e&R!8PS1Bi$XqqXQKU ze_i@zXNtW~B}72T+luay|4Xk#roBJ!mC9L0p@g}S%fQ<@p;_%JGo-aUCy*vgDo4H_ z?&gn3vUon~$|h7NgyZ)quU#EXg{&jqLTir- zW9F0&C{XyZx9or@u&J!N7-1ji)%1Yyel0f;B{B8+}zE4~fS`wn^!ZaF`3j zXJnXsMs!iJmRps|T+M>@Rlo$)@m`Vs;XVXcjVbZntLpUGaKJ%PX!uEEb`uk007sFq5znG_Z3W|NVJ1q`> zi*u981sQ@bHKGK~>~mH#wMq!kmg?nWo-Pk;YBonlW*CO&#&rg^^e&&qO0T_PBOcu~ zx{&wd>{CO@^!6AjH=LMH7|kn3Lw-U)M0iQ`A>%)Lw-82D3m-V=!lKc@9_hmUX(r zMVkiS^V0PaE;Y9Aa?mpDy^cEst)+a$#UNXEmBrWai%)YSRzjV+vhMT&t;Z~tcz(mf z!nw4^o=n*-g3$N@SkUL_Op}^LabJLPhN}za)JFplJW7T4Gio1OBrg><&S7-7&z@*> zz9g|epB;yP4=%g*qkzzal3(pkLZaTDs(AmHsXBY^?W!i&PolGMJBNt3saZWzZf}CQ zh7)tX?pnkmmksy&)ggKIdH1}U6HEPx$Up!G|K8jih$*eVxZ3ks7Sr0}A;_eZdZ=h> z#A>PVusTPvRsMztVq}i};$N*kQ`YTJfZ(x@$haz2knw4=**i1K~BhNZsKXi#3<;nOKypyitO|o{uhM0UUv<&WY zTW0O5^TCNZnzLx1^bk z8{(r8RpCGTuMG8n)JKij^;ZwuC*K9px7cDzil9OKP#Hv?$&bg?+rqE&K|Dej+L;2! zbX6i1>}brDZ2Ft&d;5Jl|0a{fK_KMkX?lcmo`WFLFO$aL3j0vM!04pZS~u5HGhDCx zFInR{tkQU}(E_%9&0U5epqNl89EPMW07smeBsX^8+@AqXzfY49Tmugm4K7t29D=`V zJk)9ca(&m~8WFM}`L1FPgod&0lfRWh%x%R>rF4D(Q0GjIfolCNG_XPDf!?qd$bV%~ zsmdXO%mwpLQNE<4sJ>$pxrMWP5!|SU{qg}gWeVD77^^b4B-iHM1miE)F^tJeQ{a78 zx~iw0QtLe0#7aH20exE#_LGDzCp(po*-OQ#s1xbnhIdp5a5QyzX_rRa+M+K7_An{< z_M;ixXB~p?z1JNuD>JI5NE8X~*aCs$Y;gj};9(nRy}p|FP*djUc(%DTa^(%R%S3!429krhqquVX=Rrju%kmLE!VnpM=_TjftX+&@rD?eAu8 zWG{c4kNaysXf<-e3sM`K8p9dK?LY~b-eYe)>C2bmTELegq4#Z;Yz;-cS&Kt@o^e}g z7o$fgJUXGho|S>0e5sJL_FLBGS&kacR@}eiB^Cw5D-I8|aesO9#wUuE zRA4r9f89iK(7zd#?6k|1M;#mQ40)Ujl|oGduMgwSbzH_s9i4?Fg1!cx zG~@0N=RD?<33jh@?_>%#%22sd+HzGc6C41Lgl%U)vmwoEVgUT6*G;89K2SS#k?Vr* ztD;q+)ddb;9eoh4C^LRlR_m7U>tkgSWGO{Uq<4N(vR+p`J}7dBc?x^B3Y3TQVN?d`!|Y6BXly0HZWekw%ho=KRU{aLX?46F1r(}- zU6>-g(j{|rD*<_#1WNRd-PIi+LKLepK#v36DlI(*!4qrtSn?Wz5=$ILbX6N0tUTUP ze>u1zh_Yq<9D7H?7jM_a+9LE^M$5BZE7N+dl53(<*!99kSH(t^_0XsPz`@32J6Fh> z4%;sCD6|;>JlUf~C0+A_HfUT>66a2u0aq+1Pq}G&W~x?1SvmqpE|mV$8i&N&bb1`5 zT~l7#_Qs^R)`=}IeP=J*n6m8&Bt%ESwvZ41?Ca2d5SFH6d$1sn<%T|rx+(^Ya)C+4 z#`xf*lcE>7x_;2RawXP7rIo5{FH(L8;KTHLR8DR6C$ygf^nfkxz6j7Dorj@Pk;-<6 z0`#T01K(YAl`O?PW#*+0j&;f_d}F1Sr(~os12mJ=5QIHbn;nTb`4qpT8{* zH?rgYG!c}n&UlJ&Ysvwa{FAsP6%Qp}bCxhjdVi6#-yVnHgQ9w20)LbRJKtrC^F(F(eK;CYl(YQ;w<4%b}Qwt z&1&ICyDj~R&*w8|XuJe;md6b7O2+x<#rJ33$=b*1+ubYqFbf%8%eKq7?P7TDVg1<7 zzBDPoUIrV=gh(iIPys2dOOr-4UEFsL9d!mcv~#iSWdF_fET~xoNbV=6EFvX#kH&#- zcHar^v?~b+t2hA-`k78_o`13&YV5b7EFY??$O&q-!aVE9;(!QSpytpst|h>FlLL!R zo%cr*MxcM1Pz8Dbm06a~_;W2&s=2%A9>j)s+~cDZM|qG_@A312s>HY%#dL6U6lxW>aFho2jPkX0C}g=20fnzJcX!-XbN?7!+ob zi7Y!JgIy&aQ(VJ|$%~^M+IE(ycB=rw7^GsoT&l}}yfJ>yVQopCuH)*ksol0z5w&T| z-WBR0O{$C&Oe9Hcx=$-$QD>!NYqnj~w6lpP#o3{P%+?cj+m1$qvz2IXXQa?=&VD z2EgXLox_gHjkSZNu%zk?{j&mfYf{L1+B!w@fNn+GwN5L}puBoRh~Y8urw|vJqA|(t z;~*$6Gd6N%ciw96NEFHpK8`-n9}*)koxOv8Mkkza4@D^F-PBqJ~nMirzhzZWB z@X!VOS*ZmstU889>N6V`a*x_SNsZR=9aI+3Oy#Oj%hkg z<8s)MJ4lH54NLHBW?Vg$&Ht$nIoInr)DCP#@#VzYqzH9kPKAIwCeM;&mx*sD3{U({ zc%}#)AB*tC=~_Pau+LJkX`VX5JQC#m!4$OZsiDB_?g<#5Ibo8J5}@{@lB?1hQo`Up zL}p~Ml9}#HZ83jD$z)s`Es$bb>^}3MXn%zi+>aq-&u5CO;kiaAODI%L%8%0%q(jwK zHD*h?!Mz7T=JT!t-HL|7xg5j8#@lbp8n!M`7+x1u@2sZ2En@*`_|mJ4S!+rp07l7& zilU=~fCF$AD6iwy1)XtOmZIu~nz~*p>~9>>Txkdf$He==o0DeQA9AbYE@Ja7h1uWQ z{F9q($@-A4b#W2t)Hxwx_jFnL1Bu7((_UUELFqQaz9n`b&-~`-O{9+7a=1r8?v&6$ z5*pyU`jOvx7^-QN!oV#>v~79<3HdjD&lfeLO-AyQ8ws{l_JAg@2s^xnmUE1~e|9~}r3K7!Om1%)5GWP zAk@Gu2C^9{3UnADm8#Wid_-&;_fxeKg#1?o2uVs$In{E;3oiYuikiSY*B zF+tGP&QcRI&L1 z<*}Izyx|UNJvb+5>$N>eGL3Npd9q|Hq-(@q=$brD)7SJl=FB6f5~=rJ9p5->plggc z(?n-gLao{5zN)@Bb7BOC{$#E@m>4tzXa#q% z`Ze3y(>n*3K3^_+2R!PCMD7!l%s9>$Rl~r;quc1>Ho1{e1fj+X`}2orYKWK|xU4C0 z%oAC#r|lzhWxj#hfTcM3gEuh1lNN)^8jZ23IF}T|!qn$KvHLYU>F^6K=M8PeATe`) zQE5R@Y_$3nu$Q4S2*icOxqdE>vxYSe&o)hM>*hFVRS*0(Zw`9Uck0xp}S-F^3zt6cs&m_{7(#Zfg(A zH%23rYIWp8n4K|ahsMAi8x}E3I+|HyE2tgtPl zR_#yB7ix<#w||cx!o?O>d9Mft#gzGOr1%Q)HO+x+Nma$*(!3@1?JjtJSEqDU&!mr9 z>rmj#SmmGWx>BWwjSkpyNy^^5Tn(m-1KNbm9@eKttA_H$dIco-DHXhB=Bzti3}wpG zYELUFFQXr-zO;TzSXHxlRJP1pKx5lknV2n-#UXTgT&|_rIVT5=m8P*wFs?YJAPOPs z;aYtf(m{S|Z{`4-daU!ezP%u>*S--^v*z$s!$b?{n)jSO`=*k`DxId z)*HNj|KzY%^3428# z427|pa1tE*6hg5VZ-a^0`(Ty);SYPj6f2xAPd|S859%3PKwpZ7O*7-tkowIL1u*Mr z0xAO)Lt)AS&?!S}Wu}a0bsIKsz#isbZ;Q52v;AaDkXj{7*>4hM~egzn37M$to7yT!61&@jH5Wf<^#ev@g~i zHf(rRfMH8lRnIlfu6mPh(^A9e_Dzf%OXpNO(yXqqjN_d=z}Lr2uqfZRQnWN zRjlhj1n+ZTI;LkM)n`asrYtt~d#JY9We4fO`#>p6$g%!v;jn*dpFv1joe4vWRqXJB z5t4KuZQd!>SHijRs?;Pxq4yI$!bXs&Q(1196bHdE3x zhzWR$GWIf5_pbI%o$WzfqKk7F7)+Ey17du=@qME;b@c*8kz3tDWM_DH_)Q_RG z3@mDSEVqbB#1zfADr+~n;$^T%o~F_p^70cKBZdI8H|R_u8~CfwFnv#U-~CA6?EStw zN&O{7jSg5~b~>JmhFtL)fODFaR0n)3S*S4LJ%O4i($`rmj`|?Aslt40;B6EVx@3Vb z8E)h?a%15Ml(3VVi*qt1Y))g=P&>NB)Jv%hgUJOliXj`OzmU$Ug=>RwN!JwuS*tvh z-$FgZO>jJhNH}U3Arim>pTfFzEsAZG80BAa0^ruGSVp1r8x&%O>HVxgR;CjVtN6tmTn@qWeb#(r6m%^5%QaQ;JS)HfPvqb%z+p<7q@I;F5Na}XH1hv%+B*EC6f;_zkegU z%RJ9}{=K(WUk$*MbmneEaDINzkoO>6)EdY;FoHE?M8K1qbYH@sb)r7}2WJGikL_CRJUJfCdL4XxKG7@Tv#KofZuF94X#lk6+p`pK@fm&45j`7mneZg7BG?|Tb( zl?&3$q;CyE&yg1~-5fB{eJo$rRRo@$--bsR@VmTL*;B>Sd9G2d=W&5DNhzcFH&^p^ zLj@2fn|+!rscw}gh&e#82k%xF#Xp-T21k(qVIK z_4yiqj&}bAP5*ABAJ#{x4Z3Cr*tw^sprb2on|n`w{d=zi294qRE|=464RL^*abuUW z0;}|@N@drRKUFJ?k|UcDyvE8cjNB7JhOoXcb#x}dFjG$nwCJIjUNm&9(yBliLHF#O zo=(7(kTuhdO=`?Fl{vZ+)wCA^Gj@;`zwkuLGHe7pBR!0l5kpF#D>Kgy{95^c0&)S3 z{^op%0$VOPTm#xW!zx1tDTa+&hF*AAk5~Pn`s)Dug!jsm65`juZsLp&nc2nE%ojR*NCGn@#=YHsCUvCsh#dtbR* zDe)XO$g}_rLF>F2-+vzHs*oKPFZ4}6bd~9=O;aISt9do6_{HgulDR@mRo@fAZFMVS z4_BW>6bir7*2O11-%<_tod87})c_A33hATk-hHuq?1uIUN*I>%>EASCtC|fC3_G(2 zF@4t^dDuJMF~}AAX??BVQfXrVMVK}kl2lS~S=6Z8&nxpROzy$rG~?EJRqPd9Co)E# zcO<)EDobjzv4(?0SD*pCYei?MOu3ZRb;@JbunlnHnh>am#=Nt7j~&psXi6nFdfvwXd}b1Qe^47Q;6J?Lgy*av-MkenUa9 KeSQK10fwM$Q%GO{ diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks b/application/src/test/resources/lwm2m/credentials/lwm2mserver.jks index a1923e942f923b8d84a989055ec50c2441f79259..d16967343fe4d56689c12353dc34808625155eec 100644 GIT binary patch delta 6129 zcmVf2XzB#HIb@}V^#TtbzyyMVUT0{2e4v0~;<@VUt(UAY z5%)ShDIX)Q$$f>!bOwGHF%`Q={XPQt4clV2L?`*BDYO(WzW>Vh_KE18gcl^>o?306 zcMb27lQux?6&luohssz3@*Oze0tacnNxh!81z;@=i8;*oHmM|i^ofshBhe-Hn1J*CbY zi?%*{U_<6;HO!v&488jG~iITV|jI}^pW@P+8aL3(jb-O31mNW>js8J{+|QfUi|Rp7x@EUamO`(htNA( zB+z=$p;@Hbrhhf4=jOu75!G|ld6V&<^{bxi}KGTlcoi9KOzzk z?HK5HR<>J7YNa?HKdP?y(~ERd!qwWgf2|3;pzgqel1ADjy8zz_(cM@8Ih(`B1MMqP z(^ZV+T9mN2-m~|C_E?dZBPJt>erv7Eu?2hi@?|DyL08Hh0fGVKX6fOv<|&^Wpg4F-+tbB20cxLxw@^fUq>}GndCH@yek8=GDluRrf7-@3 zc!U{G3Q^2-`epuX*MV)dWxvJgE6hw--aTEVR7c!t6{=h6=HWh#Pz1Sjq>oZQeG(BC zg`wZO5JUb*P+>i0G7{71?ivO8K@XkZzJ~6JQ=dp^%51pP-)E<%%0f$%6_=-!1WleX zqNvkti51^#Q))3@uw70B20-|rf08yUMd#AxL4r(M8Jo7C-ve7tLTkO}xD`aliSctY z1hpNXY$nOcH*?M;l#1kx!N)UUD0Jn>7?5$OICfB8WBu`YET+Y?VS{@%+Es;-jx#=O z2lr}BL#;*4rjcQjpBl%VTiv5kGP8hp$(x{1i5WvvPorE=C_8Q5rJe+{f2LlI_8F$Z zwtoa-alCsybJTF0=|#XI>M9MmjNqSKRsn7O=;|Re?iosy#}0lKvAhavrj*s_NdjG5 z8Y!%OzlpT>o|jShP_1rktYo^b(x^F?^;SQy*vF1Tnx8rn^Fzb&PyBL?T0CuIs6<{s zEWC;QoVdRCkb~KyYecbMf7*GAnym0zi!%bPZw4LRCzvG%vEqMAMojEeV99*I7Fl1c zMEYQ|{ZXgeCkd6UJO$zt#6R)}Y=@x>#5E;$hoo^#9+>1uuLvI6rRTSSMjmmkz6j<# z(E48DStLXi-wPDj0d`T!tu?19>1P;wFt-rRH6Kw)eJ9*CH*GPPe~h3TK<2JBwH2QS zJFk`guly;ZUgx7ITh38nbLX-8dDu5ChxzW;YvE^;C7oBddLyr@NgC+Uu~YAJTVLv6 zN-Vk5E!l16vk}yqZ9)UBkC3Mx-_yD@Zi9X!)Rv;!lJWxRJr+uyWfa&3i8@uo=q5tt@N5=nmWHmS3vIO zMOx$G@jvnJ8IaoE$159L^L+OnwTnet6RjOCT`x$4SOhI~f6B<~-~Tt zyM9m}1yc*DR~?72kpx7NBCT^motVxem!{ zTd2w%4rjypf7deg8Qf9DR&!EUsD`cRmfVg(FABI+I9dhsHUj5EXb%mM9N1-J=yk#8{$y3EOtZf6zesEENkx%nBRERH-fVRxZtc zT8$4>^SW5Wh;T2hzRvy%Cv64sR_X@Gb!tn@7+wJ!hlAHrcoEwdN;2b&xhJXDDqO19 z!r{9nmv3JGC7~K8CtUS6MW`091R}Szl3cBhJ13^@g9D90eSyklw2x(t#X5FP1f0wT zHp8+Ef0zM4WIjgVAZnunHBDnhC&?5WdxinFE8J?bn5E#t;Jq;Kf59o;R`$YfgV>Vw z)Exu6_hV|1!B9>Ti~FE!^?JH^s^j_ToTIL*g1t(iIwXCnhE@cRo@)FbGClV6@@Hz{ z+-Vf59NhNx7IT7Is?FS4_422#C#&n*^7mXRe=oJrYl!vk0Dv)da&V3);{^;wAaN*e zM=`S0k8MEzw$`1=nBfq931P~!%9JCZLl5dhLUV&_C6;hL=I?B!1m=pzCy^pT zC)v2f4FpTUpL#Ey_d-@iqmWQjv!rBTYvmN;{Jk%*^HG{y)s)&aP|B!GCt=r0>_y33w<@IvY*aEr| zzE2~tzj;%NhS|OwfFZZz7NkG-0U+6UD50tOGxlwNmlbIj8QNdxXe-}4x zd_S2Ywt+M&@!Iosp(_1OnC8>LMcCyPK!wEraR9tq%p;4Almm}y;;@=V;Gz5JCK!HA z3f7csq)at-29D}vH8$tHQT5H1Jcr#6l~czol$t6e^NW^}ROIy)A7Hgh$lYu_*lrq6tyi`2h4ATgKAQnNs&69rBy7HPPqCj&g(TIJKQh zgHiPX6-+G{*q^==X$|S}auUY3q*5GhP;4M`%wr=28HR?i>%?=fOA?3Tf9yn2L`_N$ z9t-3q5i4@z-FMC_I$}S4$8J7e!?$sut71ODSMOf+B9!Q2P|j@=ji>js;UkI;>T*E{ zA|8vZ)u)8IP~0xceTs^`57}!Y_>9&RXKKjyY>_2j{Tuv{p9K2t?<}7;K8svJ_01s_ zE4i7|%wW8$a_75Y`QCJ^f1@-iGZ7bQeds*>LmYICdS2F^2>@o%?ZDI)j6&1bF-^&H z%`opR5A5)al77Z1U-JOtgHo%RTQ86#V@gtb9C76&$at3|YT_8Jef1oIT;}yZ-u>d5% zKi~x$1w0YdE(>lcxX82Z+=R5{l8Z!`v^VEli??Rbc*FqeG@nERp3=PPrK$?X!+6mN8^kOfe7>)Fs-1=vO;RwRwz3&vd3KDn;PqraKQxM!3}3sH zLl+_Ectdr2o?N-Ll5>x{F$%SS^ci~SBF7xP#@(chdTFeef8`zqtDB+UwygLdFNA^s zi+ItIdPGaPv*+`O15v^9FFW)|L&WvdwK->7aHF#P5gV0^{4D8|lvOX|c>KVv;&Oda z^&f_-G-|E9U4$~3{xm9bMif=zMZmjG-cGw)ggGhB6jLEv5P=2pLyS?O=&5oK-_Va@ zm@=2t5cI||e`obeyiw?-+in7PFIwN5Ct0UqL)Rzz`5BGTe z&^9})LRbL4eLuYYx$?ur<)@>+9s&p@iL;|0tEg=%iu>5kw75#DCbPn(So9(OQGYmZ zK>n{C22ak1D287b?;7z};R{-!(kUIIsVz?Iu(hc4e?is%vpi9zEs|CFcfUwv{D!;^ zAU&B5J?)?p1d)Z=ZmyGzRn8I5%=+Nz1&eyUS6mO$KWF~K$MhD0eVG$knxHQam-5N* za0lNp&r~%+^-~1+h=T&%n3NVY{jGVPhO2>%+mc&n)cu0`)O9k`v!Dx8TIdnm>z?}0 z{I{lmf8T-vsIdab{ls6>d*A}2XnqZr_q`kf%2Mg#82rw1pX+$WanFN=h#nrhce!>j zCmh;otxG80#OkCznd6~vLg{@QPNe%d*ngSMFhgp>tl#E5=n!;{w=zhEI{~k}0n8Z> zBAWSKRCek2#y}K|V>t^ni~G3^$Bs&o{~M)rWG+LsLx)vroUufR=A^R_v< zg07Fcd8-2YEJ3HUWE6OIW3nkoherrbF9ULm-I74}`jet0cd3Iw>I@8zS4Zn>BJjJU zf8#<21BXmZ(e^J)io=!8qy#-D^=UFHtXIk*dRyuCH|gT;TEeFG(OprJ!tz--euMs; z8_@lu0D#3m+)(ThA5;7Ud^Lh;u8Ho^w$^4P#gRsWVfz&9#O(f?{BwHV7yfKLyF4Ju zfSOl!WZZJ*E4`WK-}G$jw}!OV1C<+Ye>(P@VJrE@g2L8bz89ygLa&URHvf{DTBqkj z>1Lq(BFZG(r<7HZv@PzQO=+v+&Nnn7?c%g2LaU{>m{aIQ_Ii*|{*&cc{$ya$1L6~* zJT6S+5Po#cy(-3~-z9Ci)>R$AtdD}E!mbU6qd{J`2&Nn11B4*)YILB5A$b0`e^JYG zQ}vt;+2y~E6M_D~bgZFQyR(iQP*gx=)~O5LS?>#oGG|!eg{2L3FOSS2ZDCCS^)_&< zubbx1hUm*mP8`s#yo;>iGTY7{e96nRTOS3MX;)FaM@}4%jY;*@oY5PNDAlM!k|=u0 za#Te)Qyi@M*)*Z0U#GdXn@p+_e;rW(f=v9y=Y+NedkDv(!!zVIiu9|%HL1V3#=A1z z4Z39tvJZebizMKcid=OtGT#yHc2(MEiW&4c{wfGXenJ0tLUcTp*)6CyH3mf?pt)dy z{FY7m0UgR}PQD+vJfxf7n&Db@NI_ z?Vm9R$$u@%`&stQVAavUUS0Cf2VWUooPOtU=dfjSG^JVhm}5JHq~boeZRj!br;{~% zcdvXq*%=ynl_pIo28;)6NfP(yK|fG)F$-IfBcJ=PB|rILohMLNeq!qe#~Q{YDs@UF66@mP(3I2+l#V^0GEhO=Jg|B@Q0C6u+>YXoP>_orf2FnrmFkAez!=M< z>h9(het(JTHqJzq@i1lpO~knb+S-KO)Hm3$>n)H*dTzwKFuTjH{gk8!jJkldWnJ9! z@uZ2}0@#qSleXKrzwi7MZ)4OP4-%hYkd=H7BbG-=1%2cT<>?BSPhN zw?|u2GN$j>glUGF{U2a~CFLE5gXt%H!CSdwK^vCY& zh9&99nLw0-uAIo&ucTsL29<0K!ZEA*0tjVIje!{%*t)kuj@Ue`Whei42}8*ZH$Pbq zeydB!DaI=ZYs)#3uIUxODpWvm-#+*z6u4vwFG(o~%YA(s+GrW>vIv0R%an(rani0A zMTq3wiFNjue+#BXU(|ZoKmoshi!A2e*#6c5!+^TOBYn0kXb4PDTR4Qua7~PQ~ z>|I_523$cWHh)7@6HkBCJAfm9$8xK*Ruek+|)g4EVGGoNv~cr6R{{Mso9U$?3pqXpOMAl1UZtI z1|gp}*rj6JPqR&*-ARO#=d6Tuel~ZRzaDiB9txF>n7c5tmm2`}Xs$c3vGP6fm&u7W z0|G5U1Zi1|4Pg8)gc!Pb6JUVUg}mbBS%HA&f6L{HiT;38!LyPq^4kLEiCQq`oA(Bl z^0nL=*`^{D6gx%Rh=SSClZU*?ivr-bZE-G7|D(I#&aJ1f!a~+BUR{=pq?21O*j^VH z6~p<3L)8{NEN1;@Kj>4xq|bB``S=dnWE(c3o>I4rzeYMjxd`AmoK^FGqk_!2z;K+i zf0Um6vtx$iD&aYebbdWagN({;pH0LsHCWw_+Qd)gBmv$qw9VyS~dc^`E#9=cI~&b z12L`fmd8<9_<(-}U-T^Rc8JO7Yql)Qf5bz4hSiC#kDgY4dw$0lFX27WK6$@K5P{o8 zSMYDD)tF}ULZXD6G^+f;Gg}fcW1xjJYKn3?JIrZ}oq&OH^4`>*j3WVr8J>udgxdyn z4^=tNpnlzZ=%z@?_%(cnmxIEuGn{I;!mzAU%RWb(xTHQPunN3p4K&c(7e@-tf5SU4 zA+&?`?9!pGcwidjk!vUP=Y3?{w56QVG3t1?-;>72tW~cUKUV$APmOFN*7*2S^9UM; zE0#gPQ=nsAY?_rDtgavupNhyod?WUGnN=zk4@UlAAM|B~7|{gEQ>CUue=uUgPY7>H zpoy=&xw~q@@z<7DbxCys0|ADh DGMenJ delta 6113 zcmV<77ar)aGN3XdFoGEz0s#Xsf*92X2`Yw2hW8Bt2LYgh7{&yG7{V}u7`~ArQWP6# zjErjUA=@a)pLJpCxXOoc^!thV)6Q5SQ3F!FEfs*LtlfaYQ0VIF2n@+N;=9s5rrW0SH+lh(eNdzs$IbutSuC>ulL(>Z@v0p$liUF$ ze?sCJ?A>q7F@SZl0lzW?lz@U2V6G#GthJQvbS+}=C>y5jGxcl9=Vy>Gw{h(Dy~z@> zRsCWm=g`{67RC8<9n4eO13Oh201GD>tG&X4Z0mDL`e)zs-02Y(xFiN&7wcx4^LjC* zN=|NH$o|}2f5MnOfc^!g+(X|$JR{H0Eejboa)-T- zc|P$~S!~X}cFQgcdzqTvfG`_e$qB&p*y)2N7obZ>A8~l2r;Ins+1u-?J)!12{ZoJA z`9gbuQC~LdA-9rCsv+97=@_m5$Or7lDC=)gb^kDetnZ_+jksSprFXO+5EZ!ycJ zO9{iGCr2!o(;B2gel|}JV*`8;O@Di2f4O3g{Cgg|iKf;c09du^nbF}e=?|IGR;irb)Od`O zR_)n*QQsr%JsrBl_F!mxxi2mb2eExL(8d#P#^0l9K7dmk&2yYZIc32&RdU%!+jRjt zIbfo0CQ39XDDz!hmVk`Qq4%;E*b=yj<}e7KL4do0D_aBmFE{4dk~lukf6{%CQ*ey^ zu*`yJF0;oiC}xh`ED={)Je>X7&g+L9+akE?esCckw~+Z*OjAp`!qNbm?XF#_%@+D#zL5+!ZYHc)019rm?iJ!w%EGC0e zy(0!wAnmNnXECn@6>~^Df8whTy%^JS77TV)t(i!L=#~SZ*LaTr@2dOc)w&qn^E-xD z_hNFN4qHqAxCIlBNHsuil5 zC*t>LB|-XOVe%kn1TnXRW?T8cC>xV6GB4m0ocW?Q1lTiUM`{Qpe}J|mXhA)cBPk#P z6*q`ZNqxnWSx{?}!ub1goxmLbPX@df&@v`fe5IWda^pe9j`{p20MVS|CwuT2_ zwEaf$IMDjVcl<(Jf35DWvvdV?Pgd=J4}g>ylPU9I%pb;ZyrGcS6A#DpVW|nIRe`X5 zA|EiGJ+-Gx7eF84ZkUL0r9n(c1mEAJcv`OH_vk`*0Ce?d$wLY6-pC(BzNJj|iP)8H z2&$QY#;n@@RWY3YXxKLC+C#E>ss%UFF(EMjyFrR^p4h4b} z_k+@C8V&<>z}xIclAgib)OWDq^N1>*ML9GIv-ynye}~0doCI+X(XlNC_wNJ7reIc3 zo@0#i{RAq-b+X745wf|3kwVzX2f`eMk(Ko5qS9iC&LWDXArEzX9t%SSYN+}VgjFA? zEgk1Ni=FjB|I90Pm07$)=99D;N+-=ye1GOj+z>ISYj{K7H$Y{?0WQ-WUl48Xu*rV& zMvNtgf8CPu0S9B?Kt#h z${j<%f-@uN2+AK7pwmW<^>iFNTXx||$80MF;f;GQDe_`@VXIIeD1AG+$R70WvX>ip zV!Jod!yI~CfT4->%yQ9vgA76dfS#gTKhkd?f1iDjS7wP6;-&F&X3RzkQ9)cN5^=f% znZGUn>M_WH$n>tFu225kpCC(_dQ5cj9X>RA_GnNhUXbc ze?Y*WDiF<`1n(LX=!50uDG+$1l&hr9@%3DOw3|0oV}H4DfoZ~QM`CpX5Mi|x7py=C zQ4PSF?hX%D#}4WY9V8kaKMh!C1hFQ&qCuQTo=n&wLE=Fa@m~Y>%mH;NA^e7(C%uXY znIJ`Rr}gMd&v2i)a?1k1X{iMYLoo{re^v0Mp05SS6TIN}4F~^o9T}I_+6iZ_#`#sm^d=C2e2?IMzY1CiOv$roTh4>YMFzjoRFEVLvoe5<$rqPKG*b+i0_aM zFJ1^6Se>k--YAgwN~BiW^(00?_}em>ezaQVi=QHmaysC3Svt*ntbk(6;F23jfB7&= zuMevV4{=1=pLS+{#!=ajzUW|xums=Aub+5i&@@5rgNPLgZGOYv4S9D}n;nl5a|q>T z3dOhei!ErE7I(>ltGj@lHOjoOFPJlYw%1;HPIosiB8A7Drj!jvl51Wh{CGAAr(>Ayu4NCqLxfXK2ICif?7W?nl)$qKq4fA_le06e*# zip!eb&tphF9;^w?bDibu&td9&lyi zej0DrP#k)9M%Hn0wrClbf0VA91rbzXUOTg=5I&@jZCpAyT|W}m!24@72kLs*jaAl~ z4{9j2Yz@HYXWE;))lZJ#bF^f`iCj}_k!gW%?O%oc+t-fh6+lp;K2-Q4j0ZVRSEub0 zPP}^q5wzWQrgBp`XyID%>|dZ3s+^z%F@L~c>e1>D@!Ds5MXRt^e?VijRHq8C!1t;2 zkXKN1S8ohM(s4P7);1;!sk!Ar_t-$S+a%69tI(I^mKe(yg}%mHcPnClC4KspjWvLS zNaP(qzABwiU2FQZbGO`+kz=Y#B`bW__MIaq^-szOI{fwG02OygAG=mKb8V~meIUbA zGamMJt8L>vHEjXPe~MHozOyrU+7JP~L?=`JFyoISeSxYf@sP<7GYQp+!oLw%^VS8o$*^^HC_O?n9Ax zuMOf-_w%zSQ%(ip=`?(NQdMuY7)vQa$gFtI@ZF5u2gg}@#`GY@g&A>VtL`O_@Izlg zZtcB7B(7EdOwfAoI?^tcY%AX8EV_97JcWLI5z)Oye@umB-0lDQ7D}F=5lFY<;P{Ek z8Ix}ZP(OW0x&M0bNRgo;e;J28JO|n-CpK1Ry{%GAKlqW2xT8OlmPS(UC5-#e)X{cN z81@l(?38mPV=E;g(`8pd#x(qpWm<@;eOF{ei^LaC0m%Env?jDDe5!cgZy=Wh9XKWN z7A+7pe-G*bO^d!S{bqAvm4xBL(MQg)E*nMerTo;IY%rjbCkym^K{7rtf>mDjXv8MW zc8ujbq?G%ARc&#(Q3{hj??9ZOQ+$8P0&o=;o$dY_D!Noy-*IUyW@_yfjwUC=$pPuN zT=9o}Ugb=!27~pnB*@@_rvrC?1$uX9XC83nf1OV!Qc?vI7ts$k^`Gz*oB6j0Mq>po zR6xsFWc4Qm6&=@(iF?fm-Rpxuo{bLd#4#asqY!;4KPeCx!q37~h$RBx&wXZrWui9H zIcNG|C@*X?3<=AK{rEpW{zye+a;B7LL8+6kN=wKo*l2P5A(ZxTa=8#p$9I z`CVG-rpARcl`FLU7}C)66^-KqNMO27ji58|H3*3jfHmob4|xRyyCRk-W|m zeny!5Yv6eY`I1MaAl6aJlZ0`{a zq-?jg>89l$ixKsxYwJlOGw`H}wJ1h~TTcq)bYJ-$-Xmyk3GPx&*1DChsok$7I>ZX(SG% zK2AAp=P$^7Ut!>%1X1N;VDrL1`x&eFaL@`O7{K|!oRFVhRUT;5ZEGNk^`Tq)bZeaSXi_heLUxBu-i2 zB?^djrM!Pcy;naJGcXZAJR6RtOaR_vO70%>xGoYH+E+b^#r>COy=nYgWb!}8Iu%(c zhP6Zu#SGj8xAmpeCHxD??5?#BrFUVD2tbD z16+O;M_`-07sK^VEmhi#g9%9dLh)$f0<@a zY$QP(|2m^S${cJJfq-X#XPCE)7O>O6P$F1|n^ei5{!KU`%VAa@(sif!QA|ooN&8_G z{^5S7z$iO2rDq^}ES;^IcJxg6-TJ>>lG*>|{2oT(OaHpce@%I(2X(IhvC;dDETmC$ zw9y~p2Qr$|6m=(r#SE{Q2n!ZLQ0-o<{mcP=1FM*6VtkY;!Dhn zcT)FzbfCh1f3}af2s-cb&14)ANU)GEe_9ok3xL14Bre2_a@Di5rql{Yp&YCj2$I!M z?u5WBY58)xVAKOIrZ7TIZ|1h+5PO3FgB~FY+mZx=l~Ph%&XquD&aB3Kb7`A&jo$Y1 z-^-e|4-KJl(fBLkrWFC%l^%=i0Y@x9SO8GE%u&$Hf2>dR6po7A&g2Sdu-m^uwnf*c zGCKTXO73%whl2{IK4R{JA+-Ui?X^aVxsCw>H0&%`W0faC6p2YS_K`;PFVTo|fbOdv zCoh;(2GAZvv2OajtL;1ny;io~hU^IU_QcWR2@{dX5Cid=F7jtM@Ay9$*}u{+A;RH^vE^Syi+e=qP5;%fdwFDkJT ze@m~5Vlk(}mfH=1BF^_UkL`yrRqc#I zXqkQak;f#EjZ)e)?%K0_CjRFdxKgTP0O1RnQc;hz`^f0eeM&U7ZXbkfp#3y>RGOz2?;j2_qo=ih&tiugDjGaT8xd|i2 zrhi4V8`qvmF|n;V%V3Nr+@_!De+9kuJgcHRJ6z3oboe5-PoC2uJAT9GZ0yw3!-pn( ztgzR(J}y#~C-)~B>syRzr`bAHbXDM4Gn0bP>6rABG(WG-1FKZ80x>cR-_*^=c%gPl zd4UXam%NU{g*KFaUkcGe^lh6PVT?oFiRby3C+p8)RXd)i&VZ}0t8y^LUpw#E|Drrk zuqB%-u=Sw_8H_D#YsP2_7W&JCIF`u7Fg`FLFbM_)D-Ht!8U+9Z6e^ZL9DlPFXBzfE nQUIeRS3#U+4g?e&Jr=!EzAJ-PdK`l2rG?gLKs){d0|ADhwvw&E diff --git a/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks b/application/src/test/resources/lwm2m/credentials/lwm2mtruststorechain.jks index 2e46c718898093e907b646f2aa3051d7309d117c..b97f3629cda96a9c428c2556c4728310d0fbf431 100644 GIT binary patch delta 2678 zcmV-+3W@cm7p51GbQE{rbtP9;20wjO)NQ8~sGAdmyh99PQ zpAhH-fshA;Bk1!qfaFu8%alna)uK!xi#5vPXv#WJb`|OEf&50GeKl-dwnhw=KLN)`7W&leCi_Mk}k2v9sc&wU1+kN5c$7O()oIH3ex zC&6BUseS`0EFB~)uxrmiADFoP-n|V0SfDB}^8o$|@hsnx_p|&~3*~dD^>Ve7PXSp7 zH#0LgFf%weldu6w6n0Kq@vjCQ53KMK4^T&s!;-s^Z<7uJB!4h4M4n@BCI)H3C(s)a zje&rI2_VllZ>wkQ!D4yI1JSXg6-1y5lxZhgbc*%Atm4rd)78{x+N6OSEz~h`LZaE- zc_3gs`<#1F^q639Ezmlx794tXv%VzzD|WOKy_YiOvy!Mu>=W!Wa%KLjyrm51Tu}s$ zye5!9qfdO)Hh&_OnV6sX)}>U|kTDtk48eQ-S{lLXY{RJFQj9Gi8M`RGw00P+H=mdo zrihG1$ zAUXI-_=5$itFIl(VS>JF+#wvjC>KcGZSUWHs^c|ti9qB1p;b4TNNGC6N;hXsXF2-Z zq4@|yMyB2|)qU6MFl^M zjQ^>5&ws8=*tj;ejG|zC6R{Q!FMR0?HakRcv4K_TPk2^Zr`Nx&Z2$8e1rF&Wfhp$r zSCFSQpZFN+orDgYf+yu1$zrB#=K@BxsMfSKp<;&*E^v&ZS2&kA8~Ye`{6*UC?J86; z)pp^g&cEjQOScMy5gMjDhkCe~mO&_=sS4)|6n`1F0p7VFdG-T23BxZ~?3ve0?=s?G z{@0?ouo;u!c2rWN$Hyk25pff?=heQK*-iOl$6ki4vk)^iK*#inm9m&JRO#K@Wzk$S zZJNnS0@UQ;DWKo|`AeU8yjdUuDaXYzG3E4o#{;*^Ba&4%OUK}xawj4px7%!^vE91W zsDCEial_}$%{eD!g&KOEKUt~N%mOsQJ%wc|M$L9kYdubC7@utsx+ZrNctR>^4Id#g zIod+At%sO&P$f#GK(!Kw0tlgC@;D5813VeFPycJsA*V$9ywSi~$X`T`ADC!Kg zS%}&sAdF6FXxL8H`#UZxH*qI+S%kI=Q-7(g=ZlZ!wrjdK_QRjEbJrBxA(Mr(;9W4o zNXtmOuTViL{0X;N-8LR<(r~6bdEd@6O)JixzB>?^PD=uP@3o0GTe>=K^93l`^@h5^ zYjq6SXEs~j39o1dgvj**93H<+@Ui~X6@lYH@WpB+(X_-*iEg zqfk|nkOQACoab6N2AE6Di?lH98=2_G+$KmE&H78?-VcEBJ@vHeAK)SO%;ZEt$>#zs zr>s3H<4-*yW<4&AAI}tk#lr_+`ziI$0Ib11g67@KXX^G9^TO_9#+fjd?|S}(U3HyE_{&su|bt{=LO#oAp++bSl>j}Crl zSPLTrSgqKv;aUg|sL0Jv^aQ>qnGKh-_Z>u<3p}zd)A*`u{KmZ&_G4&H-*b$Ik7MC` z2GH`yM{lp*_s$YjzPUTV1Aoq65BKWOG)OZ*_Y)>U*L&0M@FCxx~(d` zFr)kyF2ong`}FRjx^K#MThP%WfNYsY!sXQ@gOK zP#q(bYaM{NeW4~5CgaEYh5UZdl}AMb?_;XYLoxluECpvy>xktnVSf!*505u^0;X1ha^SJNSw_*kB$DO& zg-Z%FC$^BWEe6>c_Fd`%gkdW1}h zn1wYz2Uhp*oDMo4xUKOp9SUu{gXPD|utN#h)Mi?MbwBoPKq0?+)PGIlckj0=$WIwY z24fZi?3zyWK-$vtvu!_*jbvVK+!j&`uR)LVGoA6@x`ZY;j0<;UdaZ@RIv6R8TO|(m z+@+!l0rK8dHQ9M-&Wq%q&u-PR9@jgVEZpSw|E zz0%{;87J2ZfK-D;XYOm2|U7_MNM{Te;KGj z35MTGsu%lDwcUsyU6QB79{0WXvIXs;!vQs~`pqiAEeC-IYUVu|zsaBMpE>fFN~I?K znDA2O*B(XKsVkg>U~&mM#;t*-*Dx~$JaJPsU9#wGU0GZW z3=m3`6MqkLm6gb%RLH8pDnd6Y51lieqgz??Rpk6<1dixRzI( zF1<)AsRMDoA)Ej_ufG{%qE7$J>8zk4#mlhQ&iH`=VCwF12+^B zfJz5bEN_EKY13p(fajRNHJ%5Xi*7$LY+*b4})LK#Tc9jrnph_M_ zt}f3KHETlZ^ipZ$BRt7K0>g<}HJyIOW^gFrwq4r1ww)rC1`%BJRA|Z^l$wfx7L78ts`!^a&~1JeDR01>|mG}NX?{i{F@ndbg8n#_jsCt&c*|+r~^?v9X}wy zoPP|hkB_oAQ=yKuJ?cyqwY9RDLct#aVBr%?4AHdKo72+0ew$SwyGROV(!+$EXQlwh z@cbSirsj{h^u1vwOc;9Ef3%P(Fg`FLFbM_)D-Ht!8U+9Z6ft8ca17GGr$$e!zf-Q$t~cN^xFxY00P?@e%0?gzb10s{etpqAVfod5s; delta 2678 zcmV-+3W@cm7p51GbQH(aO-Y7;ZV!Mmb11W#!hXk~Say>R0wjMDmSBc)Q*o^d7$Tu3 z!?ha(fsjs=7DFSwS{-rKtSe?&p!$d=UXb_$IX+f-rWmOBAQ zxFrJxRGIJ!*epSfaM2n38bLH@Y<|n<>Byo@u}T;FRe@VyT;*Z*C%}SxkF<4-^72V6 zNx-y+O?*3-I}9X#c&I-izaq_lLix*6K5{+yme=YMNf$)$nc|D3I^wd$SN}?rPXSp7 zG&V3fF*!Fildu6w6kH7b&1-^XYXT5kb!zw(6Q~(R0h0~_B!8#X1K7wYz9s>_i_pfp zA-jNr2_T1Smc8D#76R4ZV5<8!?EAXelXUv{$Fszdle?OphbHP)H$7S>ho4r3D}1^L z8SBxUhI7LHZ_Rzr%16ZFKV*&Vu8>E7S7kj`0stZTZ#x=0^{NbgAOg<|X3wbR385x_ zkD!$Wh7l;k)qhQPZ=77HfD@C&e+!~?F6ur1Orh&Y*@ohzGOD70d91I@hxx&t_^<3h z@{;yPD5IZ@z&h3pb$z>QM0Wa2WmiD|fEM16ib_q?>_y)!D84}Uu) z?q6w9OZyrW7`<1>wowCH?+&gS2;D@3*@Pr*P-$+B7MCY4=+>)G8~8+`Q9Y74pbJl+ zC@;x1Qh#fF1cI>vxNp<%6aRqCLDNZDf*j&NRH4-z_FeM3uvMxPSioj;L2A{7q|{AGN@M!L}=-i(=_n z5Ai7D&+-FQ((u%n2z)62tIi*4MAd1kDN-}O$++fco<;)+x9;JrXxyltA{}6~F>TQE z?gJQLx{ekZi0to(^hr~`Y-hH>z+<;0rkxm6ej>W zv42bJVk)fd!xpzJcZpldd=CDT(o2#fZ~{$s7^0aVz7Y+sT2L!%@h7w(F)@)%=;Pf! zVIW3!;t}oI!K^p``Z0TbsXUh`p=}!}{JmdFkDrkpGQFdZnp|3r1vcz~-B~qTy0rEN z0X-8Jh_c^UJFvHvsb-LadkP`860O$iT7S)>J9`zWj;j1^H@Y!bVB|e5Wt96Q(*GcT zB29UZ<1;gSPNv66?l02TuDC-V0v?II;w4dKhtwWjo7Ko#f>I2>p%c_N2@NqEvJ>+F zKG$_IodQ|J&Lnhp>Sj<0{uc1|m+UY9h!iLGHM-EQBoSW8S2G=pw@zpzE2T4n2Y=X` zw`-nsgaPuDo}1q<=m39p=t{t>C4aqaXK zM|I_!=03BQ8lSuPP2MC)q^njyFkt7%SEhMoKh&Lu)>lF`@n*pLnLm%*TVRl;umOck z#&5GkLwboj?&gsqkAPjqWQo0|Cx2opJEwEvKW~E9$K$8|Jd<2ZTbfo6f6Cr++Co_R zS^s+Gc`Ht)*99H}>$C_&Oo^@Y98Wd~EO_5u5F=KJTsqhUjgzH1$c0Y5#Pl#SLJr3+ zZv2o#H$9P(hJXfSJrIBywI0v8EHvTlm`U9Zf2!KiDflM;RUCBWquZKZg@4|6(=}r$ zr=(m0$Ms7zo|gJQ*fCRM)g=cK%2PxmST^9m8+UaB<N8|r zIVjNN82(Yp?cQt933Lss7A{Qv0@=vxZiR=Vm8R5kYA{cxB|L>QRGEC^12f}h)Y2O% z&dLy8ETVDpuz5Ra*3%a83V)yWfS57F)(Z@R0aA`2$P7VIp^2w5ZKSG70F?W9u*NVW zi#*ww@^DkJO1UV46vIYx(Ek(2ZsB{?=^l2dq$~0vHFw=}2yWYV`p5VvpO6}13Rv~3pUSaD8)`q;3ke+b5t4VO&(0`9yt7<{hFpbCp zJ%vRRPhm3Rp#C(I#il>{P8B8NR(Zn+wp#wNgo5bbv+EWeY%-L@sJR9X4jys^$WI%8 zv^3IiR``;=+V)LSlnw62g;q>8_S?VHVz}U&58{~GP4_Hd z_#~L=`iGv>1In;dpnvV7g+sEwCaRHT6VEm__KZ4NhFZ=PH^J(8-{_udz2tLp^#FRk zGfgw-<34FGRbCzDZz5J1?n*y8!BQz)G=H<_%}h?_)YzN>=|S4& zXB%7~jXA^@$JDGp+A!^2`+iZC#Kq7_N^otb2Z<5|pyNFIWn8&Fyc(?>+CrQ5@05M? zU%Eu$JzCDfM@{?eSh#JwFOW{{3RsSLZsun7KV%gWn=Vs(r(iCK^!zrGZ;?sd>;>-cL zh5JpnNdyh2Gr{0!@p(m`sWL>XtJ}DnWiqxEIkq`@)V2f0Z_{ebx@iP@d~FC69&yPJ z=?C{8Ng=M^o>fn{=_fr1D8=n^m!G>}e$j#1p(%@S#edQhQv%avJ;Z)u*@P9dfxe~c z{CzQpMk9#})$Bk)$gwI_HWm`v^F~=z=PpmI0Nn-PO`Q(X+>K#hVY5;JbbI^|vFx!f zhaal2s_>x<`?Ljl`-#V&i)m}?ra48p$6471_D;2N5WOWI@-1;Ufgm59yw(-Ui`(s(`FBUyqRg2;o--T<75AC1CvzGU9FP0Cy1P?Z;H-}MARtqgoq!6hMzN6jFil<*^o8pbmg92tnPVVCJ@zc{3L /dev/null <<-CONFIG CONFIG echo "====================================================" -echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)" +echo -e "Generate the root of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" echo "====================================================" cfssl genkey \ -initca \ @@ -286,14 +294,114 @@ keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT done +#keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 + +echo "====================================================" +echo -e "Generate the root no trust in ${TRUST_NO_PATH} of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" +echo "====================================================" +cfssl genkey \ + -initca \ + - \ + <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY} +{ + "CN": "ROOT CA NO TRUST", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ], + "ca": { + "expiry": "131400h" + } +} +CONFIG + +CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}.pem) + +echo "====================================================" +echo -e "Generate and Signed the intermediates of our no trust in ${TRUST_NO_PATH} certificate: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" +echo "====================================================" + +CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} +CA_LIST_CERT_FOR_CAT="" +CA_INTERMEDIATE_NUMBER=0 +while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; +do + CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) + CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) + + cfssl gencert \ + -ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ + -ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ + -config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ + -hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ + - \ + <<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY} + { + "CN": "${CA_INTERMEDIATE_CERT_KEY}_TRUST_NO", + "names": [ + { + "C": "UK", + "ST": "Kyiv city", + "L": "Kyiv", + "O": "Thingsboard", + "OU": "DEVELOPER_TEST" + } + ] + } +CONFIG + #openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout + CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) + CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} +done + +echo "====================================================" +echo -e "Generate and Signed the client no trust of our certificate: \n-${CLIENT_CERT_TRUST_NO_KEY}-key.pem (certificate key)\n-${CLIENT_CERT_TRUST_NO_KEY}.pem (certificate)\n-${CLIENT_CERT_TRUST_NO_KEY}.csr (sign request)" +echo "====================================================" + + CLIENT_CERT_ALIAS=$(client_alias_name) + CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) + + cfssl gencert \ + -ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ + -ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ + -config ./${TRUST_PATH}/ca-config.json \ + -profile client \ + -hostname "${CLIENT_HOST_NAME}" \ + - \ + <<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY} +{ + "CN": "${CLIENT_CERT_TRUST_NO_KEY}" +} +CONFIG + +echo "====================================================" +echo -e "Add the client certificate no trust (${CLIENT_CERT_TRUST_NO_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" +echo "====================================================" +cat ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem +openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -name ${CLIENT_CERT_ALIAS_TRUST_NO} -CAfile ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_NO_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} +keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS_TRUST_NO} + + + keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 -rm ./${TRUST_PATH}/*.p12 -rm ./${TRUST_PATH}/*.csr -rm ./${TRUST_PATH}/*.json -rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* -rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* +rm ./${TRUST_PATH}/*.p12 2> /dev/null +rm ./${TRUST_PATH}/*.csr 2> /dev/null +rm ./${TRUST_PATH}/*.json 2> /dev/null +rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null +rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null + +rm -rf ${TRUST_NO_PATH} 2> /dev/null rm ./${CLIENT_PATH}/*.p12 2> /dev/null rm ./${CLIENT_PATH}/*.csr 2> /dev/null diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh similarity index 78% rename from application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh rename to application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh index b3b114cb28..c869366ac2 100755 --- a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_for_test_All.sh +++ b/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh @@ -27,11 +27,11 @@ Help() } if [ "$1" == "-h" ] ; then - echo -e "Usage 2: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" - echo -e "Usage 1: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" + echo -e "Usage 1: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" + echo -e "Usage 2: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\"" echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\"" - echo -e "Usage 4: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\"" + echo -e "Usage 5: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\"" echo "This Help File: ./`basename $0` -h" exit 0 fi @@ -53,13 +53,13 @@ if [ "$IS_IHFO" = false ] ; then ./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 & fi if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then - ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 & + ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 & fi else if [ "$IS_SERVER_CREATED_KEY" = true ] ; then ./lwm2m_cfssl_chain_server_for_test.sh fi if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then - ./lwM2M_cfssl_chain_trusts_and_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} + ./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} fi fi \ No newline at end of file From be23dd2f7cfa43c1de39730d7a371208da06d454 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Sun, 9 Jan 2022 20:04:42 +0200 Subject: [PATCH 11/16] lwm2m tests add no trust and clear comments --- .../lwm2m/AbstractLwM2MIntegrationTest.java | 8 -- .../transport/lwm2m/Lwm2mTestHelper.java | 13 ++- .../ota/sql/OtaLwM2MIntegrationTest.java | 4 - .../rpc/AbstractRpcLwM2MIntegrationTest.java | 9 +- .../AbstractSecurityLwM2MIntegrationTest.java | 89 ++----------------- .../sql/NoSecLwM2MIntegrationTest.java | 1 - .../security/sql/PskLwm2mIntegrationTest.java | 9 +- .../security/sql/RpkLwM2MIntegrationTest.java | 1 - .../sql/X509_NoTrustLwM2MIntegrationTest.java | 4 - application/src/test/resources/logback.xml | 1 - 10 files changed, 18 insertions(+), 121 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 0a95dfdbc9..09495402f3 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -67,7 +67,6 @@ import java.util.concurrent.ScheduledExecutorService; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@Slf4j @DaoSqlTest public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest { @@ -135,7 +134,6 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest protected LwM2MTestClient client; private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials; private String[] resources; -// protected String endpoint; public AbstractLwM2MIntegrationTest() { this.defaultBootstrapCredentials = new LwM2MBootstrapClientCredentials(); @@ -197,11 +195,9 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest wsClient.waitForReply(); wsClient.registerWaitForUpdate(); -// this.endpoint = endpoint; createNewClient(security, coapConfig, false, endpoint); String msg = wsClient.waitForUpdate(); - log.info("msg5555: [{}]", msg); EntityDataUpdate update = mapper.readValue(msg, EntityDataUpdate.class); Assert.assertEquals(1, update.getCmdId()); List eData = update.getUpdate(); @@ -264,10 +260,6 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest this.resources = resources; } -// public void setEndpoint(String endpoint) { -// this.endpoint = endpoint; -// } - public void createNewClient(Security security, NetworkConfig coapConfig, boolean isRpc, String endpoint) throws Exception { clientDestroy(); client = new LwM2MTestClient(this.executor, endpoint); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java index 0ea700d46c..8dd44d25ae 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java @@ -25,18 +25,16 @@ public class Lwm2mTestHelper { // Server public static final int SECURE_PORT = 5686; public static final int SECURE_PORT_BS = 5688; - public static final String HOST = "localhost"; - public static final String HOST_BS = "localhost"; - public static final NetworkConfig SECURE_COAP_CONFIG = new NetworkConfig().setString("COAP_SECURE_PORT", Integer.toString(SECURE_PORT)); - public static final String ENDPOINT_SECURITY = "deviceAEndpoint"; - public static final String SECURE_URI = "coaps://localhost:" + SECURE_PORT; - public static final int PORT = 5685; public static final int PORT_BS = 5687; + public static final String HOST = "localhost"; + public static final String HOST_BS = "localhost"; public static final int SHORT_SERVER_ID = 123; public static final int SHORT_SERVER_ID_BS = 111; - public static final Security SECURITY = noSec("coap://localhost:" + PORT, SHORT_SERVER_ID); + public static final NetworkConfig SECURE_COAP_CONFIG = new NetworkConfig().setString("COAP_SECURE_PORT", Integer.toString(SECURE_PORT)); + public static final String SECURE_URI = "coaps://" + HOST + ":" + SECURE_PORT; + public static final Security SECURITY = noSec("coap://"+ HOST +":" + PORT, SHORT_SERVER_ID); public static final NetworkConfig COAP_CONFIG = new NetworkConfig().setString("COAP_PORT", Integer.toString(PORT)); // Models @@ -67,5 +65,4 @@ public class Lwm2mTestHelper { public static final String resourceIdName_3_14 = "UtfOffset"; public static final String resourceIdName_19_0_0 = "dataRead"; public static final String resourceIdName_19_1_0 = "dataWrite"; - } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java index 95a0a774a2..e3c538c928 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java @@ -138,8 +138,6 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { @Test public void testFirmwareUpdateWithClientWithoutFirmwareOtaInfoFromProfile() throws Exception { -// String endpoint = "WithoutFirmwareInfoDevice"; -// setEndpoint(endpoint); createDeviceProfile(transportConfiguration); NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_WITHOUT_FW_INFO); final Device device = createDevice(credentials); @@ -165,8 +163,6 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { @Test public void testFirmwareUpdateByObject5() throws Exception { -// String endpoint = "Ota5_Device"; -// setEndpoint(endpoint); createDeviceProfile(OTA_TRANSPORT_CONFIGURATION); NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA5); final Device device = createDevice(credentials); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java index 2310fe1659..4303c5e6eb 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java @@ -18,12 +18,10 @@ package org.thingsboard.server.transport.lwm2m.rpc; import org.junit.Before; import org.thingsboard.server.common.data.Device; import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredential; -import org.thingsboard.server.controller.TbTestWebSocketClient; import org.thingsboard.server.dao.service.DaoSqlTest; import org.thingsboard.server.transport.lwm2m.AbstractLwM2MIntegrationTest; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.atomic.AtomicInteger; import java.util.function.Predicate; @@ -53,8 +51,6 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg protected String RPC_TRANSPORT_CONFIGURATION; - protected ScheduledExecutorService executor; - protected TbTestWebSocketClient wsClient; protected String deviceId; public Set expectedObjects; public Set expectedObjectIdVers; @@ -73,7 +69,7 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg protected String objectIdVer_50 = "/50"; protected String objectIdVer_3303; protected static AtomicInteger endpointSequence = new AtomicInteger(); - protected static String endpointRpcPref = "deviceEndpointRpc"; + protected static String DEVICE_ENDPOINT_RPC_PREF = "deviceEndpointRpc"; public AbstractRpcLwM2MIntegrationTest(){ setResources(resources); @@ -81,8 +77,7 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg @Before public void beforeTest() throws Exception { - String endpoint = endpointRpcPref + endpointSequence.incrementAndGet(); -// setEndpoint(endpoint); + String endpoint = DEVICE_ENDPOINT_RPC_PREF + endpointSequence.incrementAndGet(); init(); createNewClient (SECURITY, COAP_CONFIG, true, endpoint); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index c10eb46620..c9d2b556af 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -33,36 +33,16 @@ import java.security.cert.X509Certificate; public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { protected final String CREDENTIALS_PATH = "lwm2m/credentials/"; // client public key or id used for PSK - protected final String pskIdentity; // client public key or id used for PSK - protected final String pskKey; // client private/secret key used for PSK -// protected final PublicKey clientPublicKey; // client public key used for RPK -// protected final PrivateKey clientPrivateKey; // client private key used for RPK - - - -// // client certificate signed by rootCA but with bad CN (CN does not start by leshan_integration_test) -// protected final X509Certificate clientX509CertWithBadCN; -// // client certificate self-signed with a good CN (CN start by leshan_integration_test) -// protected final X509Certificate clientX509CertSelfSigned; -// // client certificate signed by another CA (not rootCA) with a good CN (CN start by leshan_integration_test) -// protected final X509Certificate clientX509CertNotTrusted; - - // self-signed server certificate -// protected final X509Certificate serverX509CertSelfSigned; -// // rootCA used by the server -// protected final X509Certificate rootCAX509Cert; - // certificates trustedby the server (should contain rootCA) + // Get keys PSK + protected final String CLIENT_PSK_IDENTITY = "SOME_PSK_ID"; // client public key or id used for PSK + protected final String CLIENT_PSK_KEY = "73656372657450534b73656372657450"; // client private/secret key used for PSK // Server protected static final String SERVER_JKS_FOR_TEST = "lwm2mserver"; protected static final String SERVER_STORE_PWD = "server_ks_password"; protected static final String SERVER_CERT_ALIAS = "server"; - protected final X509Certificate serverX509Cert; // server certificate signed by rootCA -// protected final PrivateKey serverPrivateKeyFromCert; // server private key used for RPK and X509 - protected final PublicKey serverPublicKeyFromCert; // server public key used for RPK - -// // Server Trust -// protected final Certificate[] trustedCertificates = new Certificate[1]; +protected final X509Certificate serverX509Cert; // server certificate signed by rootCA + protected final PublicKey serverPublicKeyFromCert; // server public key used for RPK // Client protected LwM2MTestClient client; @@ -92,45 +72,18 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M public AbstractSecurityLwM2MIntegrationTest() { // create client credentials setResources(this.resources); -// setEndpoint(CLIENT_ENDPOINT_NO_TRUST); try { -// Get keys PSK - this.pskIdentity = "SOME_PSK_ID"; - this.pskKey = "73656372657450534b73656372657450"; - -// // Get point values -// byte[] publicX = Hex -// .decodeHex("89c048261979208666f2bfb188be1968fc9021c416ce12828c06f4e314c167b5".toCharArray()); -// byte[] publicY = Hex -// .decodeHex("cbf1eb7587f08e01688d9ada4be859137ca49f79394bad9179326b3090967b68".toCharArray()); -// byte[] privateS = Hex -// .decodeHex("e67b68d2aaeb6550f19d98cade3ad62b39532e02e6b422e1f7ea189dabaea5d2".toCharArray()); -// -// // Get Elliptic Curve Parameter spec for secp256r1 -// AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); -// algoParameters.init(new ECGenParameterSpec("secp256r1")); -// ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); -// -// // Create key specs -// KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), -// parameterSpec); -// KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); -// -// // Get keys RPK -// clientPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); -// clientPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); - // Get certificates from key store char[] clientKeyStorePwd = CLIENT_STORE_PWD.toCharArray(); KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream clientKeyStoreFile = this.getClass().getClassLoader().getResourceAsStream(CREDENTIALS_PATH + CLIENT_JKS_FOR_TEST + ".jks")) { clientKeyStore.load(clientKeyStoreFile, clientKeyStorePwd); } - + // Trust clientPrivateKeyFromCertTrust = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST, clientKeyStorePwd); clientX509CertTrust = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST); clientPublicKeyFromCertTrust = clientX509CertTrust != null ? clientX509CertTrust.getPublicKey() : null; - + // No trust clientPrivateKeyFromCertTrustNo = (PrivateKey) clientKeyStore.getKey(CLIENT_ALIAS_CERT_TRUST_NO, clientKeyStorePwd); clientX509CertTrustNo = (X509Certificate) clientKeyStore.getCertificate(CLIENT_ALIAS_CERT_TRUST_NO); clientPublicKeyFromCertTrustNo = clientX509CertTrustNo != null ? clientX509CertTrustNo.getPublicKey() : null; @@ -141,29 +94,6 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M // create server credentials try { -// // Get point values -// byte[] publicX = Hex -// .decodeHex("fcc28728c123b155be410fc1c0651da374fc6ebe7f96606e90d927d188894a73".toCharArray()); -// byte[] publicY = Hex -// .decodeHex("d2ffaa73957d76984633fc1cc54d0b763ca0559a9dff9706e9f4557dacc3f52a".toCharArray()); -// byte[] privateS = Hex -// .decodeHex("1dae121ba406802ef07c193c1ee4df91115aabd79c1ed7f4c0ef7ef6a5449400".toCharArray()); -// -// // Get Elliptic Curve Parameter spec for secp256r1 -// AlgorithmParameters algoParameters = AlgorithmParameters.getInstance("EC"); -// algoParameters.init(new ECGenParameterSpec("secp256r1")); -// ECParameterSpec parameterSpec = algoParameters.getParameterSpec(ECParameterSpec.class); -// -// // Create key specs -// KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(new BigInteger(publicX), new BigInteger(publicY)), -// parameterSpec); -// KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec); -// -// // Get keys -// serverPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec); -// serverPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec); - - // Get certificates from key store char[] serverKeyStorePwd = SERVER_STORE_PWD.toCharArray(); KeyStore serverKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); @@ -171,13 +101,8 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M serverKeyStore.load(serverKeyStoreFile, serverKeyStorePwd); } -// serverPrivateKeyFromCert = (PrivateKey) serverKeyStore.getKey("server", serverKeyStorePwd); serverX509Cert = (X509Certificate) serverKeyStore.getCertificate(SERVER_CERT_ALIAS); serverPublicKeyFromCert = serverX509Cert.getPublicKey(); -// rootCAX509Cert = (X509Certificate) serverKeyStore.getCertificate("rootCA"); - -// serverX509CertSelfSigned = (X509Certificate) serverKeyStore.getCertificate("server_self_signed"); -// trustedCertificates[0] = serverX509Cert; } catch (GeneralSecurityException | IOException e) { throw new RuntimeException(e); } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java index 8331b99fff..c3af57ae71 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/NoSecLwM2MIntegrationTest.java @@ -16,7 +16,6 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import lombok.extern.slf4j.Slf4j; -import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index d7296fd47c..52a85ecf2a 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -17,7 +17,6 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; import org.eclipse.leshan.core.util.Hex; -import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; @@ -35,12 +34,12 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes public void testConnectWithPSKAndObserveTelemetry() throws Exception { PSKClientCredential clientCredentials = new PSKClientCredential(); clientCredentials.setEndpoint(CLIENT_ENDPOINT_PSK); - clientCredentials.setKey(pskKey); - clientCredentials.setIdentity(pskIdentity); + clientCredentials.setKey(CLIENT_PSK_KEY); + clientCredentials.setIdentity(CLIENT_PSK_IDENTITY); Security security = psk(SECURE_URI, SHORT_SERVER_ID, - pskIdentity.getBytes(StandardCharsets.UTF_8), - Hex.decodeHex(pskKey.toCharArray())); + CLIENT_PSK_IDENTITY.getBytes(StandardCharsets.UTF_8), + Hex.decodeHex(CLIENT_PSK_KEY.toCharArray())); super.basicTestConnectionObserveTelemetry(security, clientCredentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_PSK); } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index 0066014a9b..05933019bf 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -16,7 +16,6 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; -import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java index b2ce6c470d..af7282bdb7 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java @@ -15,9 +15,7 @@ */ package org.thingsboard.server.transport.lwm2m.security.sql; -import org.apache.commons.codec.binary.Base64; import org.eclipse.leshan.client.object.Security; -import org.junit.Ignore; import org.junit.Test; import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential; import org.thingsboard.server.common.transport.util.SslUtil; @@ -34,7 +32,6 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg public void testConnectWithCertAndObserveTelemetry() throws Exception { X509ClientCredential credentials = new X509ClientCredential(); credentials.setEndpoint(CLIENT_ENDPOINT_X509_TRUST_NO); -// rpkClientCredentials.setKey(new String(Base64.encodeBase64(clientPublicKeyFromCertTrust.getEncoded()))); credentials.setCert(SslUtil.getCertificateString(clientX509CertTrustNo)); Security security = x509(SECURE_URI, SHORT_SERVER_ID, @@ -43,5 +40,4 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg serverX509Cert.getEncoded()); super.basicTestConnectionObserveTelemetry(security, credentials, SECURE_COAP_CONFIG, CLIENT_ENDPOINT_X509_TRUST_NO); } - } diff --git a/application/src/test/resources/logback.xml b/application/src/test/resources/logback.xml index 175eda993c..d3301bf660 100644 --- a/application/src/test/resources/logback.xml +++ b/application/src/test/resources/logback.xml @@ -10,7 +10,6 @@ - From 3c7ec8b7d3de98e20753aa4d31f5e3ba913b3c09 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Tue, 11 Jan 2022 12:45:34 +0200 Subject: [PATCH 12/16] lwm2m tests refactoring by comments --- .../thingsboard/server/controller/TbTestWebSocketClient.java | 2 +- .../server/transport/lwm2m/AbstractLwM2MIntegrationTest.java | 1 - .../server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java | 2 -- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java index 2bb68737ac..ff6b004405 100644 --- a/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java +++ b/application/src/test/java/org/thingsboard/server/controller/TbTestWebSocketClient.java @@ -74,7 +74,7 @@ public class TbTestWebSocketClient extends WebSocketClient { } public String waitForUpdate() { - return waitForUpdate(TimeUnit.SECONDS.toMillis(8)); + return waitForUpdate(TimeUnit.SECONDS.toMillis(3)); } public String waitForUpdate(long ms) { diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 09495402f3..4fc9108862 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -16,7 +16,6 @@ package org.thingsboard.server.transport.lwm2m; import com.fasterxml.jackson.core.type.TypeReference; -import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.IOUtils; import org.eclipse.californium.core.network.config.NetworkConfig; import org.eclipse.leshan.client.object.Security; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java index e3c538c928..3b152ec728 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java @@ -200,8 +200,6 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { * */ @Test public void testSoftwareUpdateByObject9() throws Exception { -// String endpoint = "Ota9_Device"; -// setEndpoint(endpoint); createDeviceProfile(OTA_TRANSPORT_CONFIGURATION); NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_OTA9); final Device device = createDevice(credentials); From b49c32e7b15117df4842386eebb02b6e0bedffd2 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Tue, 11 Jan 2022 18:19:36 +0200 Subject: [PATCH 13/16] lwm2m frefactoring by comments2 --- .../lwm2m/AbstractLwM2MIntegrationTest.java | 4 +- .../transport/lwm2m/Lwm2mTestHelper.java | 42 +++++----- .../lwm2m/client/LwM2MTestClient.java | 25 ++---- .../client/LwM2mBinaryAppDataContainer.java | 11 +-- .../transport/lwm2m/client/LwM2mLocation.java | 4 - .../ota/AbstractOtaLwM2MIntegrationTest.java | 4 +- .../ota/sql/OtaLwM2MIntegrationTest.java | 2 +- .../rpc/AbstractRpcLwM2MIntegrationTest.java | 54 ++++++------- .../sql/RpcLwm2mIntegrationCreateTest.java | 30 ++++---- .../sql/RpcLwm2mIntegrationDeleteTest.java | 13 ++-- .../sql/RpcLwm2mIntegrationDiscoverTest.java | 8 +- .../sql/RpcLwm2mIntegrationExecuteTest.java | 30 ++++---- .../sql/RpcLwm2mIntegrationObserveTest.java | 26 +++---- .../rpc/sql/RpcLwm2mIntegrationReadTest.java | 68 ++++++++-------- ...pcLwm2mIntegrationWriteAttributesTest.java | 11 +-- .../rpc/sql/RpcLwm2mIntegrationWriteTest.java | 77 +++++++++---------- .../AbstractSecurityLwM2MIntegrationTest.java | 4 +- 17 files changed, 190 insertions(+), 223 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 4fc9108862..402e95b9ca 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -69,7 +69,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @DaoSqlTest public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest { - protected String transportConfiguration = "{\n" + + protected final String TRANSPORT_CONFIGURATION = "{\n" + " \"type\": \"LWM2M\",\n" + " \"observeAttr\": {\n" + " \"keyName\": {\n" + @@ -176,7 +176,7 @@ public abstract class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest LwM2MClientCredential credentials, NetworkConfig coapConfig, String endpoint) throws Exception { - createDeviceProfile(transportConfiguration); + createDeviceProfile(TRANSPORT_CONFIGURATION); Device device = createDevice(credentials); SingleEntityFilter sef = new SingleEntityFilter(); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java index 8dd44d25ae..19bde32467 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/Lwm2mTestHelper.java @@ -43,26 +43,26 @@ public class Lwm2mTestHelper { public static final int TEMPERATURE_SENSOR = 3303; // Ids in Client - public static final int objectId_0 = 0; - public static final int objectInstanceId_0 = 0; - public static final int objectInstanceId_1 = 1; - public static final int objectInstanceId_2 = 2; - public static final int objectInstanceId_12 = 12; - public static final int resourceId_0 = 0; - public static final int resourceId_1 = 1; - public static final int resourceId_2 = 2; - public static final int resourceId_3 = 3; - public static final int resourceId_4 = 4; - public static final int resourceId_7 = 7; - public static final int resourceId_8 = 8; - public static final int resourceId_9 = 9; - public static final int resourceId_11 = 11; - public static final int resourceId_14 = 14; - public static final int resourceId_15= 15; - public static final int resourceInstanceId_2 = 2; + public static final int OBJECT_ID_0 = 0; + public static final int OBJECT_INSTANCE_ID_0 = 0; + public static final int OBJECT_INSTANCE_ID_1 = 1; + public static final int OBJECT_INSTANCE_ID_2 = 2; + public static final int OBJECT_INSTANCE_ID_12 = 12; + public static final int RESOURCE_ID_0 = 0; + public static final int RESOURCE_ID_1 = 1; + public static final int RESOURCE_ID_2 = 2; + public static final int RESOURCE_ID_3 = 3; + public static final int RESOURCE_ID_4 = 4; + public static final int RESOURCE_ID_7 = 7; + public static final int RESOURCE_ID_8 = 8; + public static final int RESOURCE_ID_9 = 9; + public static final int RESOURCE_ID_11 = 11; + public static final int RESOURCE_ID_14 = 14; + public static final int RESOURCE_ID_15 = 15; + public static final int RESOURCE_INSTANCE_ID_2 = 2; - public static final String resourceIdName_3_9 = "batteryLevel"; - public static final String resourceIdName_3_14 = "UtfOffset"; - public static final String resourceIdName_19_0_0 = "dataRead"; - public static final String resourceIdName_19_1_0 = "dataWrite"; + public static final String RESOURCE_ID_NAME_3_9 = "batteryLevel"; + public static final String RESOURCE_ID_NAME_3_14 = "UtfOffset"; + public static final String RESOURCE_ID_NAME_19_0_0 = "dataRead"; + public static final String RESOURCE_ID_NAME_19_1_0 = "dataWrite"; } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java index 1c62b2b79d..af12168802 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java @@ -62,9 +62,9 @@ import static org.eclipse.leshan.core.LwM2mId.SERVER; import static org.eclipse.leshan.core.LwM2mId.SOFTWARE_MANAGEMENT; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.BINARY_APP_DATA_CONTAINER; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.TEMPERATURE_SENSOR; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_12; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_12; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resources; @@ -99,12 +99,12 @@ public class LwM2MTestClient { initializer.setInstancesForObject(FIRMWARE, fwLwM2MDevice = new FwLwM2MDevice()); initializer.setInstancesForObject(SOFTWARE_MANAGEMENT, swLwM2MDevice = new SwLwM2MDevice()); initializer.setClassForObject(ACCESS_CONTROL, DummyInstanceEnabler.class); - initializer.setInstancesForObject(BINARY_APP_DATA_CONTAINER, lwM2MBinaryAppDataContainer = new LwM2mBinaryAppDataContainer(executor, objectInstanceId_0), - new LwM2mBinaryAppDataContainer(executor, objectInstanceId_1)); + initializer.setInstancesForObject(BINARY_APP_DATA_CONTAINER, lwM2MBinaryAppDataContainer = new LwM2mBinaryAppDataContainer(executor, OBJECT_INSTANCE_ID_0), + new LwM2mBinaryAppDataContainer(executor, OBJECT_INSTANCE_ID_1)); locationParams = new LwM2MLocationParams(); locationParams.getPos(); - initializer.setInstancesForObject(LOCATION, new LwM2mLocation(locationParams.getLatitude(), locationParams.getLongitude(), locationParams.getScaleFactor(), executor, objectInstanceId_0)); - initializer.setInstancesForObject(TEMPERATURE_SENSOR, lwM2MTemperatureSensor = new LwM2mTemperatureSensor(executor, objectInstanceId_0), new LwM2mTemperatureSensor(executor, objectInstanceId_12)); + initializer.setInstancesForObject(LOCATION, new LwM2mLocation(locationParams.getLatitude(), locationParams.getLongitude(), locationParams.getScaleFactor(), executor, OBJECT_INSTANCE_ID_0)); + initializer.setInstancesForObject(TEMPERATURE_SENSOR, lwM2MTemperatureSensor = new LwM2mTemperatureSensor(executor, OBJECT_INSTANCE_ID_0), new LwM2mTemperatureSensor(executor, OBJECT_INSTANCE_ID_12)); DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder(); dtlsConfig.setRecommendedCipherSuitesOnly(true); @@ -130,16 +130,6 @@ public class LwM2MTestClient { ObservationStore store) { CoapEndpoint.Builder builder = new CoapEndpoint.Builder(); DtlsConnectorConfig.Builder dtlsConfigBuilder = new DtlsConnectorConfig.Builder(dtlsConfig); - - // tricks to be able to change psk information on the fly -// AdvancedPskStore pskStore = dtlsConfig.getAdvancedPskStore(); -// if (pskStore != null) { -// PskPublicInformation identity = pskStore.getIdentity(null, null); -// SecretKey key = pskStore -// .requestPskSecretResult(ConnectionId.EMPTY, null, identity, null, null, null).getSecret(); -// singlePSKStore = new SinglePSKStore(identity, key); -// dtlsConfigBuilder.setAdvancedPskStore(singlePSKStore); -// } builder.setConnector(new DTLSConnector(dtlsConfigBuilder.build())); builder.setNetworkConfig(coapConfig); return builder.build(); @@ -283,5 +273,4 @@ public class LwM2MTestClient { client.start(); } } - } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mBinaryAppDataContainer.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mBinaryAppDataContainer.java index b7ac889649..7da7599119 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mBinaryAppDataContainer.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mBinaryAppDataContainer.java @@ -66,8 +66,7 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements * "value":4 * }, */ -// private String data = "InNlcnZpY2VJZCI6Ik1ldGVyIiwNCiJzZXJ2aWNlRGF0YSI6ew0KImN1cnJlbnRSZWFkaW5nIjoiNDYuMyIsDQoic2lnbmFsU3RyZW5ndGgiOjE2LA0KImRhaWx5QWN0aXZpdHlUaW1lIjo1NzA2DQo="; -// private byte[] data; + Map data; private Integer priority = 0; private Time timestamp; @@ -83,7 +82,6 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements try { if (id != null) this.setId(id); executorService.scheduleWithFixedDelay(() -> -// fireResourcesChange(0, 2), 5000, 5000, TimeUnit.MILLISECONDS); fireResourcesChange(0, 2), 1800000, 1800000, TimeUnit.MILLISECONDS); // 30 MIN } catch (Throwable e) { log.error("[{}]Throwable", e.toString()); @@ -93,15 +91,11 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements @Override public ReadResponse read(ServerIdentity identity, int resourceId) { -// log.warn("Read on Location resource /[{}]/[{}]/[{}]", getModel().id, getId(), resourceId); try { switch (resourceId) { case 0: -// log.warn("Read on Location resource /[{}]/[{}]/[{}]", getModel().id, getId(), resourceId); ReadResponse response = ReadResponse.success(resourceId, getData(), ResourceModel.Type.OPAQUE); -// log.warn("Response [{}]", response); return response; - case 1: return ReadResponse.success(resourceId, getPriority()); case 2: @@ -168,7 +162,6 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements } private String getDataFormat() { -// return this.dataFormat == null ? "base64" : this.dataFormat; return this.dataFormat == null ? "OPAQUE" : this.dataFormat; } @@ -188,7 +181,6 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements return this.timestamp != null ? this.timestamp : new Time(new Date().getTime()); } -// fireResourcesChange(resourceId); private boolean setData(LwM2mResource value, boolean replace) { try { if (value instanceof LwM2mMultipleResource) { @@ -208,7 +200,6 @@ public class LwM2mBinaryAppDataContainer extends BaseInstanceEnabler implements } private Map getData() { -// this.data.put(23, new byte[]{0,0, 2,3}); return data; } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mLocation.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mLocation.java index 079cd9fdac..b4dd8531f2 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mLocation.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2mLocation.java @@ -101,19 +101,15 @@ public class LwM2mLocation extends BaseInstanceEnabler implements Destroyable { switch (nextMove.charAt(0)) { case 'w': moveLatitude(1.0f); -// log.info("Move to North [{}]/[{}]", getLatitude(), getLongitude()); break; case 'a': moveLongitude(-1.0f); -// log.info("Move to East [{}]/[{}]", getLatitude(), getLongitude()); break; case 's': moveLatitude(-1.0f); -// log.info("Move to South [{}]/[{}]", getLatitude(), getLongitude()); break; case 'd': moveLongitude(1.0f); -// log.info("Move to West [{}]/[{}]", getLatitude(), getLongitude()); break; } } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java index 6cf35aeb94..a4e5e92db4 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/AbstractOtaLwM2MIntegrationTest.java @@ -29,13 +29,13 @@ import static org.thingsboard.server.common.data.ota.OtaPackageType.SOFTWARE; @DaoSqlTest public abstract class AbstractOtaLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { - private final String[] resources = new String[]{"3.xml", "5.xml", "9.xml"}; + private final String[] RESOURCES_OTA = new String[]{"3.xml", "5.xml", "9.xml"}; protected static final String CLIENT_ENDPOINT_WITHOUT_FW_INFO = "WithoutFirmwareInfoDevice"; protected static final String CLIENT_ENDPOINT_OTA5 = "Ota5_Device"; protected static final String CLIENT_ENDPOINT_OTA9 = "Ota9_Device"; public AbstractOtaLwM2MIntegrationTest() { - setResources(this.resources); + setResources(this.RESOURCES_OTA); } protected OtaPackageInfo createFirmware() throws Exception { diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java index 3b152ec728..38db441e5d 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/ota/sql/OtaLwM2MIntegrationTest.java @@ -138,7 +138,7 @@ public class OtaLwM2MIntegrationTest extends AbstractOtaLwM2MIntegrationTest { @Test public void testFirmwareUpdateWithClientWithoutFirmwareOtaInfoFromProfile() throws Exception { - createDeviceProfile(transportConfiguration); + createDeviceProfile(TRANSPORT_CONFIGURATION); NoSecClientCredential credentials = createNoSecClientCredentials(this.CLIENT_ENDPOINT_WITHOUT_FW_INFO); final Device device = createDevice(credentials); createNewClient(SECURITY, COAP_CONFIG, false, this.CLIENT_ENDPOINT_WITHOUT_FW_INFO); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java index 4303c5e6eb..fba8109dbf 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/AbstractRpcLwM2MIntegrationTest.java @@ -34,16 +34,16 @@ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.BINARY_APP_ import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.COAP_CONFIG; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.SECURITY; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.TEMPERATURE_SENSOR; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_19_0_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_19_1_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_3_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_3_9; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_19_0_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_19_1_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_3_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_3_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_9; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resources; @DaoSqlTest @@ -60,13 +60,13 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg protected String objectInstanceIdVer_1; protected String objectIdVer_0; protected String objectIdVer_2; - private static final Predicate predicate_3 = path -> (!((String) path).contains("/" + TEMPERATURE_SENSOR) && ((String) path).contains("/" + DEVICE)); + private static final Predicate PREDICATE_3 = path -> (!((String) path).contains("/" + TEMPERATURE_SENSOR) && ((String) path).contains("/" + DEVICE)); protected String objectIdVer_3; protected String objectInstanceIdVer_3; protected String objectInstanceIdVer_5; protected String objectInstanceIdVer_9; protected String objectIdVer_19; - protected String objectIdVer_50 = "/50"; + protected final String OBJECT_ID_VER_50 = "/50"; protected String objectIdVer_3303; protected static AtomicInteger endpointSequence = new AtomicInteger(); protected static String DEVICE_ENDPOINT_RPC_PREF = "deviceEndpointRpc"; @@ -100,19 +100,19 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg }); } }); - String ver_Id_0 = client.getClient().getObjectTree().getModel().getObjectModel(objectId_0).version; + String ver_Id_0 = client.getClient().getObjectTree().getModel().getObjectModel(OBJECT_ID_0).version; if ("1.0".equals(ver_Id_0)) { - objectIdVer_0 = "/" + objectId_0; + objectIdVer_0 = "/" + OBJECT_ID_0; } else { - objectIdVer_0 = "/" + objectId_0 + "_" + ver_Id_0; + objectIdVer_0 = "/" + OBJECT_ID_0 + "_" + ver_Id_0; } objectIdVer_2 = (String) expectedObjectIdVers.stream().filter(path -> ((String) path).contains("/" + ACCESS_CONTROL)).findFirst().get(); - objectIdVer_3 = (String) expectedObjects.stream().filter(predicate_3).findFirst().get(); + objectIdVer_3 = (String) expectedObjects.stream().filter(PREDICATE_3).findFirst().get(); objectIdVer_19 = (String) expectedObjectIdVers.stream().filter(path -> ((String) path).contains("/" + BINARY_APP_DATA_CONTAINER)).findFirst().get(); objectIdVer_3303 = (String) expectedObjectIdVers.stream().filter(path -> ((String) path).contains("/" + TEMPERATURE_SENSOR)).findFirst().get(); objectInstanceIdVer_1 = (String) expectedObjectIdVerInstances.stream().filter(path -> (!((String) path).contains("/" + BINARY_APP_DATA_CONTAINER) && ((String) path).contains("/" + SERVER))).findFirst().get(); - objectInstanceIdVer_3 = (String) expectedObjectIdVerInstances.stream().filter(predicate_3).findFirst().get(); + objectInstanceIdVer_3 = (String) expectedObjectIdVerInstances.stream().filter(PREDICATE_3).findFirst().get(); objectInstanceIdVer_5 = (String) expectedObjectIdVerInstances.stream().filter(path -> ((String) path).contains("/" + FIRMWARE)).findFirst().get(); objectInstanceIdVer_9 = (String) expectedObjectIdVerInstances.stream().filter(path -> ((String) path).contains("/" + SOFTWARE_MANAGEMENT)).findFirst().get(); @@ -120,22 +120,22 @@ public abstract class AbstractRpcLwM2MIntegrationTest extends AbstractLwM2MInteg " \"type\": \"LWM2M\",\n" + " \"observeAttr\": {\n" + " \"keyName\": {\n" + - " \"" + objectIdVer_3 + "/" + objectInstanceId_0 + "/" + resourceId_9 + "\": \"" + resourceIdName_3_9 + "\",\n" + - " \"" + objectIdVer_3 + "/" + objectInstanceId_0 + "/" + resourceId_14 + "\": \"" + resourceIdName_3_14 + "\",\n" + - " \"" + objectIdVer_19 + "/" + objectInstanceId_0 + "/" + resourceId_0 + "\": \"" + resourceIdName_19_0_0 + "\",\n" + - " \"" + objectIdVer_19 + "/" + objectInstanceId_1 + "/" + resourceId_0 + "\": \"" + resourceIdName_19_1_0 + "\"\n" + + " \"" + objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_9 + "\": \"" + RESOURCE_ID_NAME_3_9 + "\",\n" + + " \"" + objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_14 + "\": \"" + RESOURCE_ID_NAME_3_14 + "\",\n" + + " \"" + objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0 + "\": \"" + RESOURCE_ID_NAME_19_0_0 + "\",\n" + + " \"" + objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_1 + "/" + RESOURCE_ID_0 + "\": \"" + RESOURCE_ID_NAME_19_1_0 + "\"\n" + " },\n" + " \"observe\": [\n" + - " \"" + objectIdVer_3 + "/" + objectInstanceId_0 + "/" + resourceId_9 + "\",\n" + - " \"" + objectIdVer_19 + "/" + objectInstanceId_0 + "/" + resourceId_0 + "\"\n" + + " \"" + objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_9 + "\",\n" + + " \"" + objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0 + "\"\n" + " ],\n" + " \"attribute\": [\n" + " ],\n" + " \"telemetry\": [\n" + - " \"" + objectIdVer_3 + "/" + objectInstanceId_0 + "/" + resourceId_9 + "\",\n" + - " \"" + objectIdVer_3 + "/" + objectInstanceId_0 + "/" + resourceId_14 + "\",\n" + - " \"" + objectIdVer_19 + "/" + objectInstanceId_0 + "/" + resourceId_0 + "\",\n" + - " \"" + objectIdVer_19 + "/" + objectInstanceId_1 + "/" + resourceId_0 + "\"\n" + + " \"" + objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_9 + "\",\n" + + " \"" + objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_14 + "\",\n" + + " \"" + objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0 + "\",\n" + + " \"" + objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_1 + "/" + RESOURCE_ID_0 + "\"\n" + " ],\n" + " \"attributeLwm2m\": {}\n" + " },\n" + diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationCreateTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationCreateTest.java index 4ab0d68794..40d26bfc17 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationCreateTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationCreateTest.java @@ -25,10 +25,10 @@ import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTes import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_12; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_12; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_0; public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTest { @@ -43,8 +43,8 @@ public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testCreateObjectInstanceWithInstanceIdByIdKey_Result_CREATED() throws Exception { - String expectedPath = objectIdVer_19 + "/" + objectInstanceId_12; - String expectedValue = "{\"" + resourceId_0 + "\":{\"0\":\"00AC\"}, \"1\":1}"; + String expectedPath = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_12; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"0\":\"00AC\"}, \"1\":1}"; String actualResult = sendRPCreateById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CREATED.getName(), rpcActualResult.get("result").asText()); @@ -60,12 +60,12 @@ public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testCreateObjectInstanceWithInstanceIdAlreadyExistsById_Result_BAD_REQUEST() throws Exception { - String expectedPath = objectIdVer_19 + "/" + objectInstanceId_0; - String expectedValue = "{\"" + resourceId_0 + "\":{\"0\":\"00AC\"}, \"1\":1}"; + String expectedPath = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"0\":\"00AC\"}, \"1\":1}"; String actualResult = sendRPCreateById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); - String expected = "instance " + objectInstanceId_0 + " already exists"; + String expected = "instance " + OBJECT_INSTANCE_ID_0 + " already exists"; String actual = rpcActualResult.get("error").asText(); assertTrue(actual.equals(expected)); } @@ -77,8 +77,8 @@ public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testCreateObjectInstanceWithInstanceIdMandatorySingleObjectById_Result_BAD_REQUEST() throws Exception { - String expectedPath = objectIdVer_3 + "/" + objectInstanceId_1; - String expectedValue = "{\"" + resourceId_0 + "\":{\"0\":\"00AC\"}}"; + String expectedPath = objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_1; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"0\":\"00AC\"}}"; String actualResult = sendRPCreateById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); @@ -94,8 +94,8 @@ public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testCreateObjectInstanceWithInstanceIdSecurityObjectById_Result_BAD_REQUEST() throws Exception { - String expectedPath = objectIdVer_0 + "/" + objectInstanceId_1; - String expectedValue = "{\"" + resourceId_0 + "\":{\"2\":4}}"; + String expectedPath = objectIdVer_0 + "/" + OBJECT_INSTANCE_ID_1; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"2\":4}}"; String actualResult = sendRPCreateById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); @@ -113,8 +113,8 @@ public class RpcLwm2mIntegrationCreateTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testCreateObjectInstanceWithInstanceIdAbsentObjectById_Result_BAD_REQUEST() throws Exception { - String expectedPath = objectIdVer_50+ "/" + objectInstanceId_1; - String expectedValue = "{\"" + resourceId_0 + "\":{\"0\":\"00AC\"}}"; + String expectedPath = OBJECT_ID_VER_50 + "/" + OBJECT_INSTANCE_ID_1; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"0\":\"00AC\"}}"; String actualResult = sendRPCreateById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java index ebc0f6d783..099477d216 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDeleteTest.java @@ -24,10 +24,9 @@ import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTes import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_12; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_7; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_12; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_7; public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTest { @@ -39,7 +38,7 @@ public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testDeleteObjectInstanceIsSuchByIdKey_Result_DELETED() throws Exception { - String expectedPath = objectIdVer_3303 + "/" + objectInstanceId_12; + String expectedPath = objectIdVer_3303 + "/" + OBJECT_INSTANCE_ID_12; String actualResult = sendRPCDeleteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.DELETED.getName(), rpcActualResult.get("result").asText()); @@ -52,7 +51,7 @@ public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testDeleteObjectInstanceIsNotSuchByIdKey_Result_NOT_FOUND() throws Exception { - String expectedPath = objectIdVer_19 + "/" + objectInstanceId_12; + String expectedPath = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_12; String actualResult = sendRPCDeleteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.NOT_FOUND.getName(), rpcActualResult.get("result").asText()); @@ -82,7 +81,7 @@ public class RpcLwm2mIntegrationDeleteTest extends AbstractRpcLwM2MIntegrationTe */ @Test public void testDeleteResourceByIdKey_Result_METHOD_NOT_ALLOWED() throws Exception { - String expectedPath = objectIdVer_3 + "/" + objectInstanceId_0 + resourceId_7; + String expectedPath = objectIdVer_3 + "/" + OBJECT_INSTANCE_ID_0 + RESOURCE_ID_7; String actualResult = sendRPCDeleteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.METHOD_NOT_ALLOWED.getName(), rpcActualResult.get("result").asText()); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDiscoverTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDiscoverTest.java index b8ca7be61f..ede501c4a2 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDiscoverTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationDiscoverTest.java @@ -31,8 +31,8 @@ import java.util.stream.Collectors; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_2; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_2; public class RpcLwm2mIntegrationDiscoverTest extends AbstractRpcLwM2MIntegrationTest { @@ -141,7 +141,7 @@ public class RpcLwm2mIntegrationDiscoverTest extends AbstractRpcLwM2MIntegration */ @Test public void testDiscoverObjectInstanceAbsentInObject_Return_NOT_FOUND() throws Exception { - String expected = objectIdVer_2 + "/" + objectInstanceId_0; + String expected = objectIdVer_2 + "/" + OBJECT_INSTANCE_ID_0; String actualResult = sendDiscover(expected); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.NOT_FOUND.getName(), rpcActualResult.get("result").asText()); @@ -152,7 +152,7 @@ public class RpcLwm2mIntegrationDiscoverTest extends AbstractRpcLwM2MIntegration */ @Test public void testDiscoverResourceAbsentInObject_Return_NOT_FOUND() throws Exception { - String expected = objectIdVer_2 + "/" + objectInstanceId_0 + "/" + resourceId_2; + String expected = objectIdVer_2 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_2; String actualResult = sendDiscover(expected); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.NOT_FOUND.getName(), rpcActualResult.get("result").asText()); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationExecuteTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationExecuteTest.java index 73ea0fb74c..4d13cbd386 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationExecuteTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationExecuteTest.java @@ -25,12 +25,12 @@ import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTes import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_2; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_3; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_4; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_8; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_2; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_3; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_4; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_8; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_9; public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationTest { @@ -43,7 +43,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteUpdateFWById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_5 + "/" + resourceId_2; + String expectedPath = objectInstanceIdVer_5 + "/" + RESOURCE_ID_2; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); @@ -56,7 +56,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteUpdateSWById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_9 + "/" + resourceId_4; + String expectedPath = objectInstanceIdVer_9 + "/" + RESOURCE_ID_4; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); @@ -69,7 +69,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteRebootById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_3 + "/" + resourceId_4; + String expectedPath = objectInstanceIdVer_3 + "/" + RESOURCE_ID_4; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); @@ -82,7 +82,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteRegistrationUpdateTriggerById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_1 + "/" + resourceId_8; + String expectedPath = objectInstanceIdVer_1 + "/" + RESOURCE_ID_8; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); @@ -96,7 +96,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteResourceWithParametersById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_3 + "/" + resourceId_4; + String expectedPath = objectInstanceIdVer_3 + "/" + RESOURCE_ID_4; Object expectedValue = 60; String actualResult = sendRPCExecuteWithValueById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -110,7 +110,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteBootstrapRequestTriggerById_Result_BAD_REQUEST_Error_NoBootstrapServerConfigured() throws Exception { - String expectedPath = objectInstanceIdVer_1 + "/" + resourceId_9; + String expectedPath = objectInstanceIdVer_1 + "/" + RESOURCE_ID_9; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); @@ -126,7 +126,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteResourceWithOperationNotExecuteById_Result_METHOD_NOT_ALLOWED() throws Exception { - String expectedPath = objectInstanceIdVer_5 + "/" + resourceId_3; + String expectedPath = objectInstanceIdVer_5 + "/" + RESOURCE_ID_3; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); @@ -143,7 +143,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteNonExistingResourceOnNonExistingObjectById_Result_BAD_REQUEST() throws Exception { - String expectedPath = objectIdVer_50 + "/" + objectInstanceId_0 + "/" + resourceId_3; + String expectedPath = OBJECT_ID_VER_50 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_3; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); @@ -161,7 +161,7 @@ public class RpcLwm2mIntegrationExecuteTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testExecuteSecurityObjectById_Result_NOT_FOUND() throws Exception { - String expectedPath = objectIdVer_0 + "/" + objectInstanceId_0 + "/" + resourceId_3; + String expectedPath = objectIdVer_0 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_3; String actualResult = sendRPCExecuteById(expectedPath); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.BAD_REQUEST.getName(), rpcActualResult.get("result").asText()); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationObserveTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationObserveTest.java index 848a9563ed..f6b53c8c07 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationObserveTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationObserveTest.java @@ -27,10 +27,10 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.BINARY_APP_DATA_CONTAINER; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_3; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_3; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_9; public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationTest { @@ -55,7 +55,7 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testObserveSingleResource_Result_CONTENT_Value_SingleResource() throws Exception { - String expectedIdVer = objectInstanceIdVer_3 + "/" + resourceId_9; + String expectedIdVer = objectInstanceIdVer_3 + "/" + RESOURCE_ID_9; String actualResult = sendObserve("Observe", expectedIdVer); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); @@ -87,7 +87,7 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT @Test public void testObserveNoImplementedInstanceOnDevice_Result_NotFound() throws Exception { String objectInstanceIdVer = (String) expectedObjectIdVers.stream().filter(path -> ((String)path).contains("/" + ACCESS_CONTROL)).findFirst().get(); - String expected = objectInstanceIdVer + "/" + objectInstanceId_0; + String expected = objectInstanceIdVer + "/" + OBJECT_INSTANCE_ID_0; String actualResult = sendObserve("Observe", expected); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.NOT_FOUND.getName(), rpcActualResult.get("result").asText()); @@ -101,7 +101,7 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT @Test public void testObserveNoImplementedResourceOnDeviceValueNull_Result_BadRequest() throws Exception { String objectIdVer = (String) expectedObjectIdVers.stream().filter(path -> ((String)path).contains("/" + BINARY_APP_DATA_CONTAINER)).findFirst().get(); - String expected = objectIdVer + "/" + objectInstanceId_0 + "/" + resourceId_0; + String expected = objectIdVer + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0; String actualResult = sendObserve("Observe", expected); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String expectedValue = "values MUST NOT be null"; @@ -116,7 +116,7 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testObserveRSourceNotRead_Result_METHOD_NOT_ALLOWED() throws Exception { - String expectedId = objectInstanceIdVer_5 + "/" + resourceId_0; + String expectedId = objectInstanceIdVer_5 + "/" + RESOURCE_ID_0; sendObserve("Observe", expectedId); String actualResult = sendObserve("Observe", expectedId); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -130,7 +130,7 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT */ @Test public void testObserveRepeatedRequestObserveOnDevice_Result_BAD_REQUEST_ErrorMsg_AlreadyRegistered() throws Exception { - String expectedId = objectInstanceIdVer_3 + "/" + resourceId_0; + String expectedId = objectInstanceIdVer_3 + "/" + RESOURCE_ID_0; sendObserve("Observe", expectedId); String actualResult = sendObserve("Observe", expectedId); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -146,8 +146,8 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT @Test public void testObserveReadAll_Result_CONTENT_Value_Contains_Paths_Count_ObserveAll() throws Exception { sendObserve("ObserveCancelAll", null); - String expectedId_0 = objectInstanceIdVer_3 + "/" + resourceId_0; - String expectedId_9 = objectInstanceIdVer_3 + "/" + resourceId_9; + String expectedId_0 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_0; + String expectedId_9 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_9; sendObserve("Observe", expectedId_0); sendObserve("Observe", expectedId_9); String actualResult = sendObserve("ObserveReadAll", null); @@ -167,8 +167,8 @@ public class RpcLwm2mIntegrationObserveTest extends AbstractRpcLwM2MIntegrationT @Test public void testObserveCancelOneResource_Result_CONTENT_Value_Count_1() throws Exception { sendObserve("ObserveCancelAll", null); - String expectedId_0 = objectInstanceIdVer_3 + "/" + resourceId_0; - String expectedId_3 = objectInstanceIdVer_5 + "/" + resourceId_3; + String expectedId_0 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_0; + String expectedId_3 = objectInstanceIdVer_5 + "/" + RESOURCE_ID_3; sendObserve("Observe", expectedId_0); sendObserve("Observe", expectedId_3); String actualResult = sendObserve("ObserveCancel", expectedId_0); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationReadTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationReadTest.java index 9116659bc3..aece59d119 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationReadTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationReadTest.java @@ -27,18 +27,18 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.BINARY_APP_DATA_CONTAINER; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_19_0_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_19_1_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_3_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_3_9; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_11; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_2; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_19_0_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_19_1_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_3_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_3_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_11; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_2; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_9; public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest { @@ -96,11 +96,11 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest */ @Test public void testReadMultipleResourceById_Result_CONTENT_Value_IsLwM2mMultipleResource() throws Exception { - String expectedIdVer = objectInstanceIdVer_3 +"/" + resourceId_11 ; + String expectedIdVer = objectInstanceIdVer_3 +"/" + RESOURCE_ID_11; String actualResult = sendRPCById(expectedIdVer); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); - String expected = "LwM2mMultipleResource [id=" + resourceId_11 + ", values={"; + String expected = "LwM2mMultipleResource [id=" + RESOURCE_ID_11 + ", values={"; assertTrue(rpcActualResult.get("value").asText().contains(expected)); } @@ -109,11 +109,11 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest */ @Test public void testReadSingleResourceById_Result_CONTENT_Value_IsLwM2mSingleResource() throws Exception { - String expectedIdVer = objectInstanceIdVer_3 +"/" + resourceId_14 ; + String expectedIdVer = objectInstanceIdVer_3 +"/" + RESOURCE_ID_14; String actualResult = sendRPCById(expectedIdVer); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); - String expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value="; + String expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value="; assertTrue(rpcActualResult.get("value").asText().contains(expected)); } @@ -122,11 +122,11 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest */ @Test public void testReadSingleResourceByKey_Result_CONTENT_Value_IsLwM2mSingleResource() throws Exception { - String expectedKey = resourceIdName_3_14 ; + String expectedKey = RESOURCE_ID_NAME_3_14; String actualResult = sendRPCByKey(expectedKey); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); - String expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value="; + String expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value="; assertTrue(rpcActualResult.get("value").asText().contains(expected)); } @@ -137,16 +137,16 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest public void testReadCompositeSingleResourceByIds_Result_CONTENT_Value_IsObjectIsLwM2mSingleResourceIsLwM2mMultipleResource() throws Exception { String expectedIdVer_1 = (String) expectedObjectIdVers.stream().filter(path -> (!((String)path).contains("/" + BINARY_APP_DATA_CONTAINER) && ((String)path).contains("/" + SERVER))).findFirst().get(); String objectId_1 = pathIdVerToObjectId(expectedIdVer_1); - String expectedIdVer3_0_1 = objectInstanceIdVer_3 + "/" + resourceId_1; - String expectedIdVer3_0_11 = objectInstanceIdVer_3 + "/" + resourceId_11; + String expectedIdVer3_0_1 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_1; + String expectedIdVer3_0_11 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_11; String objectInstanceId_3 = pathIdVerToObjectId(objectInstanceIdVer_3); String expectedIds = "[\"" + expectedIdVer_1 + "\", \"" + expectedIdVer3_0_1 + "\", \"" + expectedIdVer3_0_11 + "\"]"; String actualResult = sendCompositeRPCByIds(expectedIds); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); String expected1 = objectId_1 + "=LwM2mObject [id=" + new LwM2mPath(objectId_1).getObjectId() + ", instances={"; - String expected3_0_1 = objectInstanceId_3 + "/" + resourceId_1 + "=LwM2mSingleResource [id=" + resourceId_1 + ", value="; - String expected3_0_11 = objectInstanceId_3 + "/" + resourceId_11 + "=LwM2mMultipleResource [id=" + resourceId_11 + ", values={"; + String expected3_0_1 = objectInstanceId_3 + "/" + RESOURCE_ID_1 + "=LwM2mSingleResource [id=" + RESOURCE_ID_1 + ", value="; + String expected3_0_11 = objectInstanceId_3 + "/" + RESOURCE_ID_11 + "=LwM2mMultipleResource [id=" + RESOURCE_ID_11 + ", values={"; String actualValues = rpcActualResult.get("value").asText(); assertTrue(actualValues.contains(expected1)); assertTrue(actualValues.contains(expected3_0_1)); @@ -159,8 +159,8 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest @Test public void testReadCompositeSingleResourceByIds_Result_CONTENT_Value_IsObjectInstanceIsLwM2mSingleResource() throws Exception { String expectedIdVer3_0 = objectInstanceIdVer_3; - String expectedIdVer1_0_1 = objectInstanceIdVer_1 + "/" + resourceId_1; - String expectedIdVer1_0_2 = objectInstanceIdVer_1 + "/" + resourceId_2; + String expectedIdVer1_0_1 = objectInstanceIdVer_1 + "/" + RESOURCE_ID_1; + String expectedIdVer1_0_2 = objectInstanceIdVer_1 + "/" + RESOURCE_ID_2; String expectedIds = "[\"" + expectedIdVer1_0_1 + "\", \"" + expectedIdVer1_0_2 + "\", \"" + expectedIdVer3_0 + "\"]"; String actualResult = sendCompositeRPCByIds(expectedIds); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -169,8 +169,8 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest LwM2mPath path = new LwM2mPath(objectInstanceId_3); String expected3_0 = objectInstanceId_3 + "=LwM2mObjectInstance [id=" + path.getObjectInstanceId() + ", resources={"; String objectInstanceId_1 = pathIdVerToObjectId(objectInstanceIdVer_1); - String expected1_0_1 = objectInstanceId_1 + "/" + resourceId_1 + "=LwM2mSingleResource [id=" + resourceId_1 + ", value="; - String expected1_0_2 = objectInstanceId_1 + "/" + resourceId_2 + "=null"; + String expected1_0_1 = objectInstanceId_1 + "/" + RESOURCE_ID_1 + "=LwM2mSingleResource [id=" + RESOURCE_ID_1 + ", value="; + String expected1_0_2 = objectInstanceId_1 + "/" + RESOURCE_ID_2 + "=null"; String actualValues = rpcActualResult.get("value").asText(); assertTrue(actualValues.contains(expected3_0)); assertTrue(actualValues.contains(expected1_0_1)); @@ -182,20 +182,20 @@ public class RpcLwm2mIntegrationReadTest extends AbstractRpcLwM2MIntegrationTest */ @Test public void testReadCompositeSingleResourceByKeys_Result_CONTENT_Value_3_0_IsLwM2mSingleResource_19_0_0_AND_19_0_1_Null() throws Exception { - String expectedKey3_0_9 = resourceIdName_3_9; - String expectedKey3_0_14 = resourceIdName_3_14; - String expectedKey19_0_0 = resourceIdName_19_0_0; - String expectedKey19_1_0 = resourceIdName_19_1_0; + String expectedKey3_0_9 = RESOURCE_ID_NAME_3_9; + String expectedKey3_0_14 = RESOURCE_ID_NAME_3_14; + String expectedKey19_0_0 = RESOURCE_ID_NAME_19_0_0; + String expectedKey19_1_0 = RESOURCE_ID_NAME_19_1_0; String expectedKeys = "[\"" + expectedKey3_0_9 + "\", \"" + expectedKey3_0_14 + "\", \"" + expectedKey19_0_0 + "\", \"" + expectedKey19_1_0 + "\"]"; String actualResult = sendCompositeRPCByKeys(expectedKeys); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CONTENT.getName(), rpcActualResult.get("result").asText()); String objectInstanceId_3 = pathIdVerToObjectId(objectInstanceIdVer_3); String objectId_19 = pathIdVerToObjectId(objectIdVer_19); - String expected3_0_9 = objectInstanceId_3 + "/" + resourceId_9 + "=LwM2mSingleResource [id=" + resourceId_9 + ", value="; - String expected3_0_14 = objectInstanceId_3 + "/" + resourceId_14 + "=LwM2mSingleResource [id=" + resourceId_14 + ", value="; - String expected19_0_0 = objectId_19 + "/" + objectInstanceId_0 + "/" + resourceId_0 + "=null"; - String expected19_1_0 = objectId_19 + "/" + objectInstanceId_1 + "/" + resourceId_0 + "=null"; + String expected3_0_9 = objectInstanceId_3 + "/" + RESOURCE_ID_9 + "=LwM2mSingleResource [id=" + RESOURCE_ID_9 + ", value="; + String expected3_0_14 = objectInstanceId_3 + "/" + RESOURCE_ID_14 + "=LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value="; + String expected19_0_0 = objectId_19 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0 + "=null"; + String expected19_1_0 = objectId_19 + "/" + OBJECT_INSTANCE_ID_1 + "/" + RESOURCE_ID_0 + "=null"; String actualValues = rpcActualResult.get("value").asText(); assertTrue(actualValues.contains(expected3_0_9)); assertTrue(actualValues.contains(expected3_0_14)); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteAttributesTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteAttributesTest.java index ea23ab48b9..531fa33dc9 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteAttributesTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteAttributesTest.java @@ -17,7 +17,6 @@ package org.thingsboard.server.transport.lwm2m.rpc.sql; import com.fasterxml.jackson.databind.node.ObjectNode; import org.eclipse.leshan.core.ResponseCode; -import org.eclipse.leshan.core.node.LwM2mPath; import org.junit.Test; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTest; @@ -25,13 +24,7 @@ import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTes import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_2; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_3; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_4; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_8; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_14; public class RpcLwm2mIntegrationWriteAttributesTest extends AbstractRpcLwM2MIntegrationTest { @@ -45,7 +38,7 @@ public class RpcLwm2mIntegrationWriteAttributesTest extends AbstractRpcLwM2MInte */ @Test public void testWriteAttributesResourceWithParametersById_Result_INTERNAL_SERVER_ERROR() throws Exception { - String expectedPath = objectInstanceIdVer_3 + "/" + resourceId_14; + String expectedPath = objectInstanceIdVer_3 + "/" + RESOURCE_ID_14; String expectedValue = "{\"pmax\":100, \"pmin\":10}"; String actualResult = sendRPCExecuteWithValueById(expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteTest.java index 1a92831a36..f5f06631b9 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/rpc/sql/RpcLwm2mIntegrationWriteTest.java @@ -25,16 +25,15 @@ import org.thingsboard.server.transport.lwm2m.rpc.AbstractRpcLwM2MIntegrationTes import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.BINARY_APP_DATA_CONTAINER; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_1; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.objectInstanceId_2; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceIdName_3_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_0; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_14; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_15; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceId_9; -import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.resourceInstanceId_2; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_1; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.OBJECT_INSTANCE_ID_2; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_NAME_3_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_0; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_14; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_15; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_ID_9; +import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.RESOURCE_INSTANCE_ID_2; public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTest { @@ -46,7 +45,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteReplaceValueSingleResourceById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_3 + "/" + resourceId_14; + String expectedPath = objectInstanceIdVer_3 + "/" + RESOURCE_ID_14; String expectedValue = "+12"; String actualResult = sendRPCWriteStringById("WriteReplace", expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -54,7 +53,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes actualResult = sendRPCReadById(expectedPath); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String actualValues = rpcActualResult.get("value").asText(); - String expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value=" + expectedValue + ", type=STRING]"; + String expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value=" + expectedValue + ", type=STRING]"; assertTrue(actualValues.contains(expected)); } @@ -65,7 +64,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteReplaceValueSingleResourceByKey_Result_CHANGED() throws Exception { - String expectedKey = resourceIdName_3_14; + String expectedKey = RESOURCE_ID_NAME_3_14; String expectedValue = "+09"; String actualResult = sendRPCWriteByKey("WriteReplace", expectedKey, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -73,7 +72,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes actualResult = sendRPCReadByKey(expectedKey); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String actualValues = rpcActualResult.get("value").asText(); - String expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value=" + expectedValue + ", type=STRING]"; + String expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value=" + expectedValue + ", type=STRING]"; assertTrue(actualValues.contains(expected)); } @@ -85,7 +84,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteReplaceValueMultipleResource_Result_CHANGED_Value_Multi_Instance_Resource_must_in_Json_format() throws Exception { - String expectedPath = objectIdVer_19 + "/" + objectInstanceId_0 + "/" + resourceId_0; + String expectedPath = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0 + "/" + RESOURCE_ID_0; int resourceInstanceId0 = 0; int resourceInstanceId15 = 15; String expectedValue0 = "0000ad45675600"; @@ -115,7 +114,7 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteReplaceValueSingleResourceR_ById_Result_CHANGED() throws Exception { - String expectedPath = objectInstanceIdVer_3 + "/" + resourceId_9; + String expectedPath = objectInstanceIdVer_3 + "/" + RESOURCE_ID_9; Integer expectedValue = 90; String actualResult = sendRPCWriteObjectById("WriteReplace", expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); @@ -132,21 +131,21 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes String expectedPath = objectInstanceIdVer_3; String expectedValue14 = "+5"; String expectedValue15 = "Kiyv/Europe"; - String expectedValue = "{\"" + resourceId_14 + "\":\"" + expectedValue14 + "\",\"" + resourceId_15 + "\":\"" + expectedValue15 + "\"}"; + String expectedValue = "{\"" + RESOURCE_ID_14 + "\":\"" + expectedValue14 + "\",\"" + RESOURCE_ID_15 + "\":\"" + expectedValue15 + "\"}"; String actualResult = sendRPCWriteObjectById("WriteUpdate", expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); - String expectedPath14 = objectInstanceIdVer_3 + "/" + resourceId_14; - String expectedPath15 = objectInstanceIdVer_3 + "/" + resourceId_15; + String expectedPath14 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_14; + String expectedPath15 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_15; actualResult = sendRPCReadById(expectedPath14); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String actualValues = rpcActualResult.get("value").asText(); - String expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value=" + expectedValue14 + ", type=STRING]"; + String expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value=" + expectedValue14 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); actualResult = sendRPCReadById(expectedPath15); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); actualValues = rpcActualResult.get("value").asText(); - expected = "LwM2mSingleResource [id=" + resourceId_15 + ", value=" + expectedValue15 + ", type=STRING]"; + expected = "LwM2mSingleResource [id=" + RESOURCE_ID_15 + ", value=" + expectedValue15 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); } @@ -157,17 +156,17 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteUpdateValueMultipleResourceById_Result_CHANGED() throws Exception { - String expectedPath = objectIdVer_19 + "/" + objectInstanceId_0; + String expectedPath = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_0; int resourceInstanceId0 = 0; int resourceInstanceId25 = 25; String expectedValue0 = "00ad45675600"; String expectedValue25 = "25ad45675600cdef"; - String expectedValue = "{\"" + resourceId_0 + "\":{\"" + resourceInstanceId0 + "\":\"" + expectedValue0 + "\", \"" + resourceInstanceId25 + "\":\"" + expectedValue25 + "\"}}"; + String expectedValue = "{\"" + RESOURCE_ID_0 + "\":{\"" + resourceInstanceId0 + "\":\"" + expectedValue0 + "\", \"" + resourceInstanceId25 + "\":\"" + expectedValue25 + "\"}}"; String actualResult = sendRPCWriteObjectById("WriteUpdate", expectedPath, expectedValue); ObjectNode rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); assertEquals(ResponseCode.CHANGED.getName(), rpcActualResult.get("result").asText()); - String expectedPath0 = expectedPath + "/" + resourceId_0 + "/" + resourceInstanceId0; - String expectedPath25 =expectedPath + "/" + resourceId_0 + "/" + resourceInstanceId25; + String expectedPath0 = expectedPath + "/" + RESOURCE_ID_0 + "/" + resourceInstanceId0; + String expectedPath25 =expectedPath + "/" + RESOURCE_ID_0 + "/" + resourceInstanceId25; actualResult = sendRPCReadById(expectedPath0); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String actualValues = rpcActualResult.get("value").asText(); @@ -188,11 +187,11 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes @Test public void testWriteCompositeValueSingleResourceResourceInstanceByIdKey_Result_CHANGED() throws Exception { int resourceInstanceId2 = 2; - String expectedPath19_1_0_2 = objectIdVer_19 + "/" + objectInstanceId_1 + "/" + resourceId_0 + "/" + resourceInstanceId2; + String expectedPath19_1_0_2 = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_1 + "/" + RESOURCE_ID_0 + "/" + resourceInstanceId2; String expectedValue19_1_0_2 = "00001234"; - String expectedKey3_0_14 = resourceIdName_3_14; + String expectedKey3_0_14 = RESOURCE_ID_NAME_3_14; String expectedValue3_0_14 = "+04"; - String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + resourceId_15; + String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_15; String expectedValue3_0_15 = "Kiyv/Europe"; String nodes = "{\"" + expectedPath19_1_0_2 + "\":\"" + expectedValue19_1_0_2 + "\", \"" + expectedKey3_0_14 + "\":\"" + expectedValue3_0_14 + "\", \"" + expectedPath3_0_15 + "\":\"" + expectedValue3_0_15 + "\"}"; @@ -207,12 +206,12 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes actualResult = sendRPCReadByKey(expectedKey3_0_14); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); actualValues = rpcActualResult.get("value").asText(); - expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value=" + expectedValue3_0_14 + ", type=STRING]"; + expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value=" + expectedValue3_0_14 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); actualResult = sendRPCReadById(expectedPath3_0_15); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); actualValues = rpcActualResult.get("value").asText(); - expected = "LwM2mSingleResource [id=" + resourceId_15 + ", value=" + expectedValue3_0_15 + ", type=STRING]"; + expected = "LwM2mSingleResource [id=" + RESOURCE_ID_15 + ", value=" + expectedValue3_0_15 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); } @@ -246,11 +245,11 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteCompositeCreateResourceInstanceUpdateSingleResourceByIdKey_Result_CHANGED() throws Exception { - String expectedPath19_1_0_2 = objectIdVer_19 + "/" + objectInstanceId_1 + "/" + resourceId_0 + "/" + resourceInstanceId_2; + String expectedPath19_1_0_2 = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_1 + "/" + RESOURCE_ID_0 + "/" + RESOURCE_INSTANCE_ID_2; String expectedValue19_1_0_2 = "00001234"; - String expectedKey3_0_14 = resourceIdName_3_14; + String expectedKey3_0_14 = RESOURCE_ID_NAME_3_14; String expectedValue3_0_14 = "+04"; - String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + resourceId_15; + String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_15; String expectedValue3_0_15 = "Kiyv/Europe"; String nodes = "{\"" + expectedPath19_1_0_2 + "\":\"" + expectedValue19_1_0_2 + "\", \"" + expectedKey3_0_14 + "\":\"" + expectedValue3_0_14 + "\", \"" + expectedPath3_0_15 + "\":\"" + expectedValue3_0_15 + "\"}"; @@ -260,17 +259,17 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes actualResult = sendRPCReadById(expectedPath19_1_0_2); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); String actualValues = rpcActualResult.get("value").asText(); - String expected = "LwM2mResourceInstance [id=" + resourceInstanceId_2 + ", value=" + expectedValue19_1_0_2.length()/2 + "Bytes, type=OPAQUE]"; + String expected = "LwM2mResourceInstance [id=" + RESOURCE_INSTANCE_ID_2 + ", value=" + expectedValue19_1_0_2.length()/2 + "Bytes, type=OPAQUE]"; assertTrue(actualValues.contains(expected)); actualResult = sendRPCReadByKey(expectedKey3_0_14); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); actualValues = rpcActualResult.get("value").asText(); - expected = "LwM2mSingleResource [id=" + resourceId_14 + ", value=" + expectedValue3_0_14 + ", type=STRING]"; + expected = "LwM2mSingleResource [id=" + RESOURCE_ID_14 + ", value=" + expectedValue3_0_14 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); actualResult = sendRPCReadById(expectedPath3_0_15); rpcActualResult = JacksonUtil.fromString(actualResult, ObjectNode.class); actualValues = rpcActualResult.get("value").asText(); - expected = "LwM2mSingleResource [id=" + resourceId_15 + ", value=" + expectedValue3_0_15 + ", type=STRING]"; + expected = "LwM2mSingleResource [id=" + RESOURCE_ID_15 + ", value=" + expectedValue3_0_15 + ", type=STRING]"; assertTrue(actualValues.contains(expected)); } @@ -285,11 +284,11 @@ public class RpcLwm2mIntegrationWriteTest extends AbstractRpcLwM2MIntegrationTes */ @Test public void testWriteCompositeCreateObjectInstanceUpdateSingleResourceByIdKey_Result_BAD_REQUEST() throws Exception { - String expectedPath19_1_2_2 = objectIdVer_19 + "/" + objectInstanceId_2 + "/" + resourceId_0 + "/" + resourceInstanceId_2; + String expectedPath19_1_2_2 = objectIdVer_19 + "/" + OBJECT_INSTANCE_ID_2 + "/" + RESOURCE_ID_0 + "/" + RESOURCE_INSTANCE_ID_2; String expectedValue19_1_0_2 = "00001234"; - String expectedKey3_0_14 = resourceIdName_3_14; + String expectedKey3_0_14 = RESOURCE_ID_NAME_3_14; String expectedValue3_0_14 = "+04"; - String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + resourceId_15; + String expectedPath3_0_15 = objectInstanceIdVer_3 + "/" + RESOURCE_ID_15; String expectedValue3_0_15 = "Kiyv/Europe"; String nodes = "{\"" + expectedPath19_1_2_2 + "\":\"" + expectedValue19_1_0_2 + "\", \"" + expectedKey3_0_14 + "\":\"" + expectedValue3_0_14 + "\", \"" + expectedPath3_0_15 + "\":\"" + expectedValue3_0_15 + "\"}"; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index c9d2b556af..9108366395 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -62,7 +62,7 @@ protected final X509Certificate serverX509Cert; protected final X509Certificate clientX509CertTrustNo; // client certificate signed by intermediate, rootCA with a good CN ("host name") protected final PrivateKey clientPrivateKeyFromCertTrustNo; // client private key used for X509 and RPK protected final PublicKey clientPublicKeyFromCertTrustNo; // client public key used for RPK - private final String[] resources = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"}; + private final String[] RESOURCES_SECURITY = new String[]{"1.xml", "2.xml", "3.xml", "5.xml", "9.xml"}; private final LwM2MBootstrapClientCredentials defaultBootstrapCredentials; @@ -71,7 +71,7 @@ protected final X509Certificate serverX509Cert; public AbstractSecurityLwM2MIntegrationTest() { // create client credentials - setResources(this.resources); + setResources(this.RESOURCES_SECURITY); try { // Get certificates from key store char[] clientKeyStorePwd = CLIENT_STORE_PWD.toCharArray(); From 7820cb22de4c9cfb1d1b19b36945d69531428eb7 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 12 Jan 2022 17:51:27 +0200 Subject: [PATCH 14/16] lwm2m: preparing for certificate validation in bootstrap mode --- .../secure/TbLwM2MCertificateVerifier.java | 91 +++++++++++++++++++ .../TbLwM2MDtlsCertificateVerifier.java | 54 +---------- 2 files changed, 93 insertions(+), 52 deletions(-) create mode 100644 common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java new file mode 100644 index 0000000000..620d7243c4 --- /dev/null +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java @@ -0,0 +1,91 @@ +/** + * Copyright © 2016-2021 The Thingsboard Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.thingsboard.server.transport.lwm2m.secure; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; +import org.thingsboard.server.common.data.StringUtils; +import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; +import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; +import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; +import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.PKIXParameters; +import java.security.cert.TrustAnchor; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; + +@Slf4j +@Component +@TbLwM2mTransportComponent +@RequiredArgsConstructor +public class TbLwM2MCertificateVerifier { + + private final LwM2MTransportServerConfig config; + private final LwM2mCredentialsSecurityInfoValidator securityInfoValidator; + + public TbLwM2MSecurityInfo verifyCertificate(X509Certificate cert, String sha3Hash, LwM2mTypeServer lwM2mTypeServer) { + TbLwM2MSecurityInfo securityInfo = null; + // verify if trust + if (config.getTrustSslCredentials() != null && config.getTrustSslCredentials().getTrustedCertificates().length > 0) { + if (verifyTrust(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { + String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN"); + securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, lwM2mTypeServer) : null; + } + } + // if not trust or cert trust securityInfo == null + if (securityInfo == null) { + try { + securityInfo = securityInfoValidator.getEndpointSecurityInfoByCredentialsId(sha3Hash, lwM2mTypeServer); + } catch (LwM2MAuthException e) { + log.trace("Failed find security info: {}", sha3Hash, e); + } + } + return securityInfo; + } + + private X509Certificate verifyTrust(X509Certificate certificate, X509Certificate[] certificates) { + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath cp = cf.generateCertPath(Arrays.asList(new X509Certificate[]{certificate})); + for (int index = 0; index < certificates.length; ++index) { + X509Certificate caCert = certificates[index]; + try { + TrustAnchor trustAnchor = new TrustAnchor(caCert, null); + CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); + PKIXParameters pkixParams = new PKIXParameters( + Collections.singleton(trustAnchor)); + pkixParams.setRevocationEnabled(false); + if (cpv.validate(cp, pkixParams) != null) return certificate; + } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException e) { + log.trace("[{}]. [{}]", certificate.getSubjectDN(), e.getMessage()); + } + } + } catch (CertificateException e) { + log.trace("[{}] certPath not valid. [{}]", certificate.getSubjectDN(), e.getMessage()); + } + return null; + } +} diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index babf385bc8..5703f5b366 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -29,7 +29,6 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; import org.eclipse.californium.scandium.util.ServerNames; -import org.eclipse.leshan.core.util.SecurityUtil; import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @@ -44,28 +43,18 @@ import org.thingsboard.server.common.transport.util.SslUtil; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials; -import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore; import javax.annotation.PostConstruct; import javax.security.auth.x500.X500Principal; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertPath; -import java.security.cert.CertPathValidator; -import java.security.cert.CertPathValidatorException; import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Arrays; -import java.util.Collections; import java.util.List; import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT; @@ -80,6 +69,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer private final LwM2MTransportServerConfig config; private final LwM2mCredentialsSecurityInfoValidator securityInfoValidator; private final TbMainSecurityStore securityStore; + private final TbLwM2MCertificateVerifier certificateVerifier; @SuppressWarnings("deprecation") private StaticCertificateVerifier staticCertificateVerifier; @@ -124,26 +114,9 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer if (!skipValidityCheckForClientCert) { cert.checkValidity(); } - - - TbLwM2MSecurityInfo securityInfo = null; - // verify if trust - if (config.getTrustSslCredentials() != null && config.getTrustSslCredentials().getTrustedCertificates().length > 0) { - if (verifyTrust(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { - String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN"); - securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, CLIENT) : null; - } - } - // if not trust or cert trust securityInfo == null String strCert = SslUtil.getCertificateString(cert); String sha3Hash = EncryptionUtil.getSha3Hash(strCert); - if (securityInfo == null) { - try { - securityInfo = securityInfoValidator.getEndpointSecurityInfoByCredentialsId(sha3Hash, CLIENT); - } catch (LwM2MAuthException e) { - log.trace("Failed find security info: {}", sha3Hash, e); - } - } + TbLwM2MSecurityInfo securityInfo = certificateVerifier.verifyCertificate(cert, sha3Hash, CLIENT); ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null; if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { LwM2MClientCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MClientCredentials.class); @@ -201,27 +174,4 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer public void setResultHandler(HandshakeResultHandler resultHandler) { } - - private X509Certificate verifyTrust(X509Certificate certificate, X509Certificate[] certificates) { - try { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - CertPath cp = cf.generateCertPath(Arrays.asList(new X509Certificate[]{certificate})); - for (int index = 0; index < certificates.length; ++index) { - X509Certificate caCert = certificates[index]; - try { - TrustAnchor trustAnchor = new TrustAnchor(caCert, null); - CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); - PKIXParameters pkixParams = new PKIXParameters( - Collections.singleton(trustAnchor)); - pkixParams.setRevocationEnabled(false); - if (cpv.validate(cp, pkixParams) != null) return certificate; - } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException e) { - log.trace("[{}]. [{}]", certificate.getSubjectDN(), e.getMessage()); - } - } - } catch (CertificateException e) { - log.trace("[{}] certPath not valid. [{}]", certificate.getSubjectDN(), e.getMessage()); - } - return null; - } } From 26e091861b40c4f84c3218936090fa67df1e47c2 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 12 Jan 2022 19:27:36 +0200 Subject: [PATCH 15/16] Revert "lwm2m: preparing for certificate validation in bootstrap mode" This reverts commit 7820cb22 --- .../secure/TbLwM2MCertificateVerifier.java | 91 ------------------- .../TbLwM2MDtlsCertificateVerifier.java | 54 ++++++++++- 2 files changed, 52 insertions(+), 93 deletions(-) delete mode 100644 common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java deleted file mode 100644 index 620d7243c4..0000000000 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MCertificateVerifier.java +++ /dev/null @@ -1,91 +0,0 @@ -/** - * Copyright © 2016-2021 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.transport.lwm2m.secure; - -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; -import org.thingsboard.server.common.data.StringUtils; -import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; -import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; -import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; -import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer; - -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidator; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collections; - -@Slf4j -@Component -@TbLwM2mTransportComponent -@RequiredArgsConstructor -public class TbLwM2MCertificateVerifier { - - private final LwM2MTransportServerConfig config; - private final LwM2mCredentialsSecurityInfoValidator securityInfoValidator; - - public TbLwM2MSecurityInfo verifyCertificate(X509Certificate cert, String sha3Hash, LwM2mTypeServer lwM2mTypeServer) { - TbLwM2MSecurityInfo securityInfo = null; - // verify if trust - if (config.getTrustSslCredentials() != null && config.getTrustSslCredentials().getTrustedCertificates().length > 0) { - if (verifyTrust(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { - String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN"); - securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, lwM2mTypeServer) : null; - } - } - // if not trust or cert trust securityInfo == null - if (securityInfo == null) { - try { - securityInfo = securityInfoValidator.getEndpointSecurityInfoByCredentialsId(sha3Hash, lwM2mTypeServer); - } catch (LwM2MAuthException e) { - log.trace("Failed find security info: {}", sha3Hash, e); - } - } - return securityInfo; - } - - private X509Certificate verifyTrust(X509Certificate certificate, X509Certificate[] certificates) { - try { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - CertPath cp = cf.generateCertPath(Arrays.asList(new X509Certificate[]{certificate})); - for (int index = 0; index < certificates.length; ++index) { - X509Certificate caCert = certificates[index]; - try { - TrustAnchor trustAnchor = new TrustAnchor(caCert, null); - CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); - PKIXParameters pkixParams = new PKIXParameters( - Collections.singleton(trustAnchor)); - pkixParams.setRevocationEnabled(false); - if (cpv.validate(cp, pkixParams) != null) return certificate; - } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException e) { - log.trace("[{}]. [{}]", certificate.getSubjectDN(), e.getMessage()); - } - } - } catch (CertificateException e) { - log.trace("[{}] certPath not valid. [{}]", certificate.getSubjectDN(), e.getMessage()); - } - return null; - } -} diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index 5703f5b366..babf385bc8 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -29,6 +29,7 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; import org.eclipse.californium.scandium.util.ServerNames; +import org.eclipse.leshan.core.util.SecurityUtil; import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @@ -43,18 +44,28 @@ import org.thingsboard.server.common.transport.util.SslUtil; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials; +import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore; import javax.annotation.PostConstruct; import javax.security.auth.x500.X500Principal; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; import java.security.cert.CertificateNotYetValidException; +import java.security.cert.PKIXParameters; +import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Arrays; +import java.util.Collections; import java.util.List; import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT; @@ -69,7 +80,6 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer private final LwM2MTransportServerConfig config; private final LwM2mCredentialsSecurityInfoValidator securityInfoValidator; private final TbMainSecurityStore securityStore; - private final TbLwM2MCertificateVerifier certificateVerifier; @SuppressWarnings("deprecation") private StaticCertificateVerifier staticCertificateVerifier; @@ -114,9 +124,26 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer if (!skipValidityCheckForClientCert) { cert.checkValidity(); } + + + TbLwM2MSecurityInfo securityInfo = null; + // verify if trust + if (config.getTrustSslCredentials() != null && config.getTrustSslCredentials().getTrustedCertificates().length > 0) { + if (verifyTrust(cert, config.getTrustSslCredentials().getTrustedCertificates()) != null) { + String endpoint = config.getTrustSslCredentials().getValueFromSubjectNameByKey(cert.getSubjectX500Principal().getName(), "CN"); + securityInfo = StringUtils.isNotEmpty(endpoint) ? securityInfoValidator.getEndpointSecurityInfoByCredentialsId(endpoint, CLIENT) : null; + } + } + // if not trust or cert trust securityInfo == null String strCert = SslUtil.getCertificateString(cert); String sha3Hash = EncryptionUtil.getSha3Hash(strCert); - TbLwM2MSecurityInfo securityInfo = certificateVerifier.verifyCertificate(cert, sha3Hash, CLIENT); + if (securityInfo == null) { + try { + securityInfo = securityInfoValidator.getEndpointSecurityInfoByCredentialsId(sha3Hash, CLIENT); + } catch (LwM2MAuthException e) { + log.trace("Failed find security info: {}", sha3Hash, e); + } + } ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null; if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { LwM2MClientCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MClientCredentials.class); @@ -174,4 +201,27 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer public void setResultHandler(HandshakeResultHandler resultHandler) { } + + private X509Certificate verifyTrust(X509Certificate certificate, X509Certificate[] certificates) { + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath cp = cf.generateCertPath(Arrays.asList(new X509Certificate[]{certificate})); + for (int index = 0; index < certificates.length; ++index) { + X509Certificate caCert = certificates[index]; + try { + TrustAnchor trustAnchor = new TrustAnchor(caCert, null); + CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); + PKIXParameters pkixParams = new PKIXParameters( + Collections.singleton(trustAnchor)); + pkixParams.setRevocationEnabled(false); + if (cpv.validate(cp, pkixParams) != null) return certificate; + } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException e) { + log.trace("[{}]. [{}]", certificate.getSubjectDN(), e.getMessage()); + } + } + } catch (CertificateException e) { + log.trace("[{}] certPath not valid. [{}]", certificate.getSubjectDN(), e.getMessage()); + } + return null; + } } From aec1ef69c50ad20c5cdd4b95af74d2c1178a6091 Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Thu, 13 Jan 2022 11:00:39 +0200 Subject: [PATCH 16/16] lwm2m: *.sh for create credentials remove to tools --- .../lwm2m}/lwM2M_cfssl_chain_clients_for_test.sh | 16 ++++++++++++++++ .../lwm2m}/lwm2m_cfssl_chain_all_for_test.sh | 16 ++++++++++++++++ .../lwm2m}/lwm2m_cfssl_chain_server_for_test.sh | 16 ++++++++++++++++ 3 files changed, 48 insertions(+) rename {application/src/test/resources/lwm2m/credentials/shell => tools/src/main/shell/lwm2m}/lwM2M_cfssl_chain_clients_for_test.sh (95%) rename {application/src/test/resources/lwm2m/credentials/shell => tools/src/main/shell/lwm2m}/lwm2m_cfssl_chain_all_for_test.sh (78%) rename {application/src/test/resources/lwm2m/credentials/shell => tools/src/main/shell/lwm2m}/lwm2m_cfssl_chain_server_for_test.sh (94%) diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh b/tools/src/main/shell/lwm2m/lwM2M_cfssl_chain_clients_for_test.sh similarity index 95% rename from application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh rename to tools/src/main/shell/lwm2m/lwM2M_cfssl_chain_clients_for_test.sh index 243e498b04..10ba2d0f46 100755 --- a/application/src/test/resources/lwm2m/credentials/shell/lwM2M_cfssl_chain_clients_for_test.sh +++ b/tools/src/main/shell/lwm2m/lwM2M_cfssl_chain_clients_for_test.sh @@ -1,4 +1,20 @@ #!/usr/bin/env bash +# +# Copyright © 2016-2021 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + # Change working directory cd -- "$( diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh b/tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_all_for_test.sh similarity index 78% rename from application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh rename to tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_all_for_test.sh index c869366ac2..8d78c1370e 100755 --- a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_all_for_test.sh +++ b/tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_all_for_test.sh @@ -1,4 +1,20 @@ #!/usr/bin/env bash +# +# Copyright © 2016-2021 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + readonly INTERMEDIATE_START=0 readonly INTERMEDIATE_FINISH=2 diff --git a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh b/tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_server_for_test.sh similarity index 94% rename from application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh rename to tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_server_for_test.sh index efe6ed46dd..c0527b5192 100755 --- a/application/src/test/resources/lwm2m/credentials/shell/lwm2m_cfssl_chain_server_for_test.sh +++ b/tools/src/main/shell/lwm2m/lwm2m_cfssl_chain_server_for_test.sh @@ -1,4 +1,20 @@ #!/usr/bin/env bash +# +# Copyright © 2016-2021 The Thingsboard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + # REF: https://github.com/cloudflare/cfssl