From be4d3f608d2cb6a369b47771d9ae187e5ff5ff93 Mon Sep 17 00:00:00 2001 From: YevhenBondarenko Date: Mon, 7 Jun 2021 19:26:10 +0300 Subject: [PATCH 1/3] fixed lwm2m tests --- .../lwm2m/AbstractLwM2MIntegrationTest.java | 47 ++++++++ .../lwm2m/NoSecLwM2MIntegrationTest.java | 71 ++---------- .../lwm2m/X509LwM2MIntegrationTest.java | 48 -------- .../lwm2m/client/LwM2MTestClient.java | 107 ++++++------------ .../lwm2m/credentials/clientKeyStore.jks | Bin 3180 -> 4810 bytes .../lwm2m/credentials/serverKeyStore.jks | Bin 3120 -> 3806 bytes 6 files changed, 93 insertions(+), 180 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java index 90b926e78a..6db6e24f91 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/AbstractLwM2MIntegrationTest.java @@ -60,6 +60,53 @@ import java.util.concurrent.ScheduledExecutorService; @DaoSqlTest public class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest { + protected final String TRANSPORT_CONFIGURATION = "{\n" + + " \"type\": \"LWM2M\",\n" + + " \"observeAttr\": {\n" + + " \"keyName\": {\n" + + " \"/3_1.0/0/9\": \"batteryLevel\"\n" + + " },\n" + + " \"observe\": [],\n" + + " \"attribute\": [\n" + + " ],\n" + + " \"telemetry\": [\n" + + " \"/3_1.0/0/9\"\n" + + " ],\n" + + " \"attributeLwm2m\": {}\n" + + " },\n" + + " \"bootstrap\": {\n" + + " \"servers\": {\n" + + " \"binding\": \"U\",\n" + + " \"shortId\": 123,\n" + + " \"lifetime\": 300,\n" + + " \"notifIfDisabled\": true,\n" + + " \"defaultMinPeriod\": 1\n" + + " },\n" + + " \"lwm2mServer\": {\n" + + " \"host\": \"localhost\",\n" + + " \"port\": 5686,\n" + + " \"serverId\": 123,\n" + + " \"serverPublicKey\": \"\",\n" + + " \"bootstrapServerIs\": false,\n" + + " \"clientHoldOffTime\": 1,\n" + + " \"bootstrapServerAccountTimeout\": 0\n" + + " },\n" + + " \"bootstrapServer\": {\n" + + " \"host\": \"localhost\",\n" + + " \"port\": 5687,\n" + + " \"serverId\": 111,\n" + + " \"securityMode\": \"NO_SEC\",\n" + + " \"serverPublicKey\": \"\",\n" + + " \"bootstrapServerIs\": true,\n" + + " \"clientHoldOffTime\": 1,\n" + + " \"bootstrapServerAccountTimeout\": 0\n" + + " }\n" + + " },\n" + + " \"clientLwM2mSettings\": {\n" + + " \"clientOnlyObserveAfterConnect\": 1\n" + + " }\n" + + "}"; + protected DeviceProfile deviceProfile; protected ScheduledExecutorService executor; protected TbTestWebSocketClient wsClient; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java index 2021dd839c..7d173e61d9 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/NoSecLwM2MIntegrationTest.java @@ -22,6 +22,7 @@ import org.junit.Assert; import org.junit.Test; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.Device; +import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredentials; import org.thingsboard.server.common.data.query.EntityData; import org.thingsboard.server.common.data.query.EntityDataPageLink; import org.thingsboard.server.common.data.query.EntityDataQuery; @@ -36,7 +37,6 @@ import org.thingsboard.server.service.telemetry.cmd.v2.EntityDataUpdate; import org.thingsboard.server.service.telemetry.cmd.v2.LatestValueCmd; import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredentials; import java.util.Collections; import java.util.List; @@ -46,60 +46,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class NoSecLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { - protected final String TRANSPORT_CONFIGURATION = "{\n" + - " \"type\": \"LWM2M\",\n" + - " \"observeAttr\": {\n" + - " \"keyName\": {\n" + - " \"/3_1.0/0/9\": \"batteryLevel\"\n" + - " },\n" + - " \"observe\": [],\n" + - " \"attribute\": [\n" + - " ],\n" + - " \"telemetry\": [\n" + - " \"/3_1.0/0/9\"\n" + - " ],\n" + - " \"attributeLwm2m\": {}\n" + - " },\n" + - " \"bootstrap\": {\n" + - " \"servers\": {\n" + - " \"binding\": \"UQ\",\n" + - " \"shortId\": 123,\n" + - " \"lifetime\": 300,\n" + - " \"notifIfDisabled\": true,\n" + - " \"defaultMinPeriod\": 1\n" + - " },\n" + - " \"lwm2mServer\": {\n" + - " \"host\": \"localhost\",\n" + - " \"port\": 5685,\n" + - " \"serverId\": 123,\n" + - " \"securityMode\": \"NO_SEC\",\n" + - " \"serverPublicKey\": \"\",\n" + - " \"bootstrapServerIs\": false,\n" + - " \"clientHoldOffTime\": 1,\n" + - " \"bootstrapServerAccountTimeout\": 0\n" + - " },\n" + - " \"bootstrapServer\": {\n" + - " \"host\": \"localhost\",\n" + - " \"port\": 5687,\n" + - " \"serverId\": 111,\n" + - " \"securityMode\": \"NO_SEC\",\n" + - " \"serverPublicKey\": \"\",\n" + - " \"bootstrapServerIs\": true,\n" + - " \"clientHoldOffTime\": 1,\n" + - " \"bootstrapServerAccountTimeout\": 0\n" + - " }\n" + - " },\n" + - " \"clientLwM2mSettings\": {\n" + - " \"clientOnlyObserveAfterConnect\": 1\n" + - " }\n" + - "}"; - - private final int port = 5685; - private final Security security = noSec("coap://localhost:" + port, 123); - private final NetworkConfig coapConfig = new NetworkConfig().setString("COAP_PORT", Integer.toString(port)); + private final int PORT = 5685; + private final Security SECURITY = noSec("coap://localhost:" + PORT, 123); + private final NetworkConfig COAP_CONFIG = new NetworkConfig().setString("COAP_PORT", Integer.toString(PORT)); + private final String ENDPOINT = "deviceAEndpoint"; @NotNull - private Device createDevice(String deviceAEndpoint) throws Exception { + private Device createDevice() throws Exception { Device device = new Device(); device.setName("Device A"); device.setDeviceProfileId(deviceProfile.getId()); @@ -114,20 +67,18 @@ public class NoSecLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { LwM2MCredentials noSecCredentials = new LwM2MCredentials(); NoSecClientCredentials clientCredentials = new NoSecClientCredentials(); - clientCredentials.setEndpoint(deviceAEndpoint); + clientCredentials.setEndpoint(ENDPOINT); noSecCredentials.setClient(clientCredentials); deviceCredentials.setCredentialsValue(JacksonUtil.toString(noSecCredentials)); doPost("/api/device/credentials", deviceCredentials).andExpect(status().isOk()); return device; } -// @Test + @Test public void testConnectAndObserveTelemetry() throws Exception { createDeviceProfile(TRANSPORT_CONFIGURATION); - String deviceAEndpoint = "deviceAEndpoint"; - - Device device = createDevice(deviceAEndpoint); + Device device = createDevice(); SingleEntityFilter sef = new SingleEntityFilter(); sef.setSingleEntity(device.getId()); @@ -144,8 +95,8 @@ public class NoSecLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { wsClient.waitForReply(); wsClient.registerWaitForUpdate(); - LwM2MTestClient client = new LwM2MTestClient(executor, deviceAEndpoint); - client.init(security, coapConfig); + LwM2MTestClient client = new LwM2MTestClient(executor, ENDPOINT); + client.init(SECURITY, COAP_CONFIG); String msg = wsClient.waitForUpdate(); EntityDataUpdate update = mapper.readValue(msg, EntityDataUpdate.class); diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java index 18749cfee5..0c13c57441 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/X509LwM2MIntegrationTest.java @@ -47,54 +47,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest { - protected final String TRANSPORT_CONFIGURATION = "{\n" + - " \"type\": \"LWM2M\",\n" + - " \"observeAttr\": {\n" + - " \"keyName\": {\n" + - " \"/3_1.0/0/9\": \"batteryLevel\"\n" + - " },\n" + - " \"observe\": [],\n" + - " \"attribute\": [\n" + - " ],\n" + - " \"telemetry\": [\n" + - " \"/3_1.0/0/9\"\n" + - " ],\n" + - " \"attributeLwm2m\": {}\n" + - " },\n" + - " \"bootstrap\": {\n" + - " \"servers\": {\n" + - " \"binding\": \"UQ\",\n" + - " \"shortId\": 123,\n" + - " \"lifetime\": 300,\n" + - " \"notifIfDisabled\": true,\n" + - " \"defaultMinPeriod\": 1\n" + - " },\n" + - " \"lwm2mServer\": {\n" + - " \"host\": \"localhost\",\n" + - " \"port\": 5686,\n" + - " \"serverId\": 123,\n" + - " \"serverPublicKey\": \"\",\n" + - " \"bootstrapServerIs\": false,\n" + - " \"clientHoldOffTime\": 1,\n" + - " \"bootstrapServerAccountTimeout\": 0\n" + - " },\n" + - " \"bootstrapServer\": {\n" + - " \"host\": \"localhost\",\n" + - " \"port\": 5687,\n" + - " \"serverId\": 111,\n" + - " \"securityMode\": \"NO_SEC\",\n" + - " \"serverPublicKey\": \"\",\n" + - " \"bootstrapServerIs\": true,\n" + - " \"clientHoldOffTime\": 1,\n" + - " \"bootstrapServerAccountTimeout\": 0\n" + - " }\n" + - " },\n" + - " \"clientLwM2mSettings\": {\n" + - " \"clientOnlyObserveAfterConnect\": 1\n" + - " }\n" + - "}"; - - private final int port = 5686; private final NetworkConfig coapConfig = new NetworkConfig().setString("COAP_SECURE_PORT", Integer.toString(port)); private final String endpoint = "deviceAEndpoint"; diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java index 9f7c232203..4ab03fa6c0 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java @@ -17,18 +17,11 @@ package org.thingsboard.server.transport.lwm2m.client; import lombok.Data; import lombok.extern.slf4j.Slf4j; +import org.eclipse.californium.core.network.CoapEndpoint; import org.eclipse.californium.core.network.config.NetworkConfig; -import org.eclipse.californium.elements.Connector; +import org.eclipse.californium.core.observe.ObservationStore; import org.eclipse.californium.scandium.DTLSConnector; import org.eclipse.californium.scandium.config.DtlsConnectorConfig; -import org.eclipse.californium.scandium.dtls.ClientHandshaker; -import org.eclipse.californium.scandium.dtls.DTLSSession; -import org.eclipse.californium.scandium.dtls.HandshakeException; -import org.eclipse.californium.scandium.dtls.Handshaker; -import org.eclipse.californium.scandium.dtls.ResumingClientHandshaker; -import org.eclipse.californium.scandium.dtls.ResumingServerHandshaker; -import org.eclipse.californium.scandium.dtls.ServerHandshaker; -import org.eclipse.californium.scandium.dtls.SessionAdapter; import org.eclipse.leshan.client.californium.LeshanClient; import org.eclipse.leshan.client.californium.LeshanClientBuilder; import org.eclipse.leshan.client.engine.DefaultRegistrationEngineFactory; @@ -40,7 +33,7 @@ import org.eclipse.leshan.client.resource.ObjectsInitializer; import org.eclipse.leshan.client.servers.ServerIdentity; import org.eclipse.leshan.core.LwM2mId; import org.eclipse.leshan.core.ResponseCode; -import org.eclipse.leshan.core.californium.DefaultEndpointFactory; +import org.eclipse.leshan.core.californium.EndpointFactory; import org.eclipse.leshan.core.model.InvalidDDFFileException; import org.eclipse.leshan.core.model.LwM2mModel; import org.eclipse.leshan.core.model.ObjectLoader; @@ -54,6 +47,7 @@ import org.eclipse.leshan.core.request.RegisterRequest; import org.eclipse.leshan.core.request.UpdateRequest; import java.io.IOException; +import java.net.InetSocketAddress; import java.util.ArrayList; import java.util.List; import java.util.concurrent.ScheduledExecutorService; @@ -81,80 +75,49 @@ public class LwM2MTestClient { initializer.setInstancesForObject(SECURITY, security); initializer.setInstancesForObject(SERVER, new Server(123, 300)); initializer.setInstancesForObject(DEVICE, new SimpleLwM2MDevice()); + initializer.setClassForObject(LwM2mId.ACCESS_CONTROL, DummyInstanceEnabler.class); DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder(); dtlsConfig.setRecommendedCipherSuitesOnly(true); + dtlsConfig.setClientOnly(); DefaultRegistrationEngineFactory engineFactory = new DefaultRegistrationEngineFactory(); engineFactory.setReconnectOnUpdate(false); engineFactory.setResumeOnConnect(true); - DefaultEndpointFactory endpointFactory = new DefaultEndpointFactory(endpoint) { + EndpointFactory endpointFactory = new EndpointFactory() { + + @Override + public CoapEndpoint createUnsecuredEndpoint(InetSocketAddress address, NetworkConfig coapConfig, + ObservationStore store) { + CoapEndpoint.Builder builder = new CoapEndpoint.Builder(); + builder.setInetSocketAddress(address); + builder.setNetworkConfig(coapConfig); + return builder.build(); + } + @Override - protected Connector createSecuredConnector(DtlsConnectorConfig dtlsConfig) { - - return new DTLSConnector(dtlsConfig) { - @Override - protected void onInitializeHandshaker(Handshaker handshaker) { - handshaker.addSessionListener(new SessionAdapter() { - - @Override - public void handshakeStarted(Handshaker handshaker) throws HandshakeException { - if (handshaker instanceof ServerHandshaker) { - log.info("DTLS Full Handshake initiated by server : STARTED ..."); - } else if (handshaker instanceof ResumingServerHandshaker) { - log.info("DTLS abbreviated Handshake initiated by server : STARTED ..."); - } else if (handshaker instanceof ClientHandshaker) { - log.info("DTLS Full Handshake initiated by client : STARTED ..."); - } else if (handshaker instanceof ResumingClientHandshaker) { - log.info("DTLS abbreviated Handshake initiated by client : STARTED ..."); - } - } - - @Override - public void sessionEstablished(Handshaker handshaker, DTLSSession establishedSession) - throws HandshakeException { - if (handshaker instanceof ServerHandshaker) { - log.info("DTLS Full Handshake initiated by server : SUCCEED, handshaker {}", handshaker); - } else if (handshaker instanceof ResumingServerHandshaker) { - log.info("DTLS abbreviated Handshake initiated by server : SUCCEED, handshaker {}", handshaker); - } else if (handshaker instanceof ClientHandshaker) { - log.info("DTLS Full Handshake initiated by client : SUCCEED, handshaker {}", handshaker); - } else if (handshaker instanceof ResumingClientHandshaker) { - log.info("DTLS abbreviated Handshake initiated by client : SUCCEED, handshaker {}", handshaker); - } - } - - @Override - public void handshakeFailed(Handshaker handshaker, Throwable error) { - /** get cause */ - String cause; - if (error != null) { - if (error.getMessage() != null) { - cause = error.getMessage(); - } else { - cause = error.getClass().getName(); - } - } else { - cause = "unknown cause"; - } - - if (handshaker instanceof ServerHandshaker) { - log.info("DTLS Full Handshake initiated by server : FAILED [{}]", cause); - } else if (handshaker instanceof ResumingServerHandshaker) { - log.info("DTLS abbreviated Handshake initiated by server : FAILED [{}]", cause); - } else if (handshaker instanceof ClientHandshaker) { - log.info("DTLS Full Handshake initiated by client : FAILED [{}]", cause); - } else if (handshaker instanceof ResumingClientHandshaker) { - log.info("DTLS abbreviated Handshake initiated by client : FAILED [{}]", cause); - } - } - }); - } - }; + public CoapEndpoint createSecuredEndpoint(DtlsConnectorConfig dtlsConfig, NetworkConfig coapConfig, + ObservationStore store) { + CoapEndpoint.Builder builder = new CoapEndpoint.Builder(); + DtlsConnectorConfig.Builder dtlsConfigBuilder = new DtlsConnectorConfig.Builder(dtlsConfig); + + // tricks to be able to change psk information on the fly +// AdvancedPskStore pskStore = dtlsConfig.getAdvancedPskStore(); +// if (pskStore != null) { +// PskPublicInformation identity = pskStore.getIdentity(null, null); +// SecretKey key = pskStore +// .requestPskSecretResult(ConnectionId.EMPTY, null, identity, null, null, null).getSecret(); +// singlePSKStore = new SinglePSKStore(identity, key); +// dtlsConfigBuilder.setAdvancedPskStore(singlePSKStore); +// } + builder.setConnector(new DTLSConnector(dtlsConfigBuilder.build())); + builder.setNetworkConfig(coapConfig); + return builder.build(); } }; + LeshanClientBuilder builder = new LeshanClientBuilder(endpoint); builder.setLocalAddress("0.0.0.0", 11000); builder.setObjects(initializer.createAll()); diff --git a/application/src/test/resources/lwm2m/credentials/clientKeyStore.jks b/application/src/test/resources/lwm2m/credentials/clientKeyStore.jks index 7cc58589b72517c57a1086144275218ad04b75de..a6c9ae7faed05c48ec1218e23a42c3025ae852d2 100644 GIT binary patch literal 4810 zcmeHKdpwls9)IVZ8?$1V+`8z^r7faoTyo7Kw~~aYeB{y?OqdySK}BLOgxw-rlBDFa z(TZxxaVZgsq;!#Oed=sfBHG$cn>de|>D0_gr#|2u2XxmVxY?(+F|Bkr}Xrw_K2ni-bWfz@s=6CB*GFPk0g!dufX^N|u{P18lHZ>cz+#X=+GmPnADKMv-z)w>@4JBhb z95ADsN(Mgk=M8{HB8%2Ragqh`I5OS=A$$_)db__`Kf&{*+vqJu#2QlLoO2`e+65gI z-$gJeM>`{JIjxqb>8Ge_!lDMXA86YTCXKbnuGg^n=F+^#I@_T_2Ve*0!Y$8LB&ZQ) z8fIy2sm?Jp&$_ZJ{#<&$?-nG%2PjVctc1f&65w0nNI+@oo;Gz)1bBFnJ_Nig0-VtK z$i+`9(rT0kqX*_j_w@*Fd+BSSSe=pDsrHJU_wP4v8bC4krd)?AT1kHN7-kN~$tF(BaxIDJ$Zha)0{i0J#> zovXR|mu?hxEl}b7x^;3Dt#7!s^lHm~yIG-8)Li9+;k)X(YBi1vEBDnnA>Ez!mT$3`Q4`n9W+^X!+{4QYO-S3QT6X}EDl&Ek_+k0!5+ zYpLBXV#z;PQ2-f{2g6>%3gV9>L+Jzg5U|p$u#jbig&&wj*8pl_N-2dfV^|EPy%Rfx z%VDtvV0v2U9!Lqw-7z#C_5+1q>%r{Zrb<@rA-bN~cDcLZR##D3?^iAxJ|7PzzqBvV z*yMKZMJcE6p^Zs|bIl@!0%}5XejyKV-=T%)i-5C@=hRPSl+Ag>Zzi$gZEP1x(*mCg z~3 zcUGX)I%_?*E_{3-ZJa+cD?i<-R#=W=gwmu2hr~i!y5^m%St(XSs=P&_3t+#~|>9H!PwQ{m$UWGO2k zOFy7X*9MqKKnj|XB2NyK>?oEc2$yW@k1ZvUBV)Y!3qJ=m9_lR#FWA#Q!FtBRKlEK@R$tJlo_n3b=vB)WQS;b+(7BZC~gcdc{5>TRX>Hkx@c6+Pa||hi){oR?wITG zsg(^leJ5-T^ZT;2SlX2DLO$JrktE@ie zV(3OUHZe6@YW@KxHl`D?&h_4cZl}NScqNqV38S?a8?N=awxM`xRG?1AJYVaiudOGe zpVML!quB?GvXVcrfBp2AXyKVh6d6+wN(pE9O zsn;F7ks3QNc{q&6s497^$v>WtV0af}+7+|4Ma=vf{-UO`3IbZ2(e6)Sd+W8OGKhnve&F{pX!=}TYj4pS)bm=q zHg>r3!Tw%uPva9JIo&dQB!vMD}d)xMoZa~hgv(AwfIo@}ty=^|8i z?n)v@R27DTkau$Rd!dmn;Z)#ji%U2;K!PP4ijz*-ZqJH)6dp%CKfEigBQr|i7~(ZE zSNc%JWgeC&#P;~!=vb~|O|B&94a$Fi-o|$Jf-!&9>IK^k`kO|fskCT;0hJLwRNGo% zCZ`=e)~M|P>N&lva`&9jLkU_gBIznXQxTUp{5Q4tLBl^m{$qix3_<2fg!XQil~?o@ z=_63e`7j(La*k_O?v!R8_|N5RCM#z%zkh4i=|vq~di=F*tao-9r*Ip2(xUaGp`_g-CJ{w$T`QZdmIwKlWK4#oVF!}tB|TGZ8X?OTd* z)Y^xIg29viIhbnLsgyi}V&_7UU{xeV6q_Rm6!3(60W(Bg+a1{O7R+)8WGRd{wH@(s zK${GhI`sLXb^*4`8j_Y-$d*hvP4oP|D)0ZkP5Rn*Om0!NWp4tgDGpG|L5z=m>HIMn zbp-;Pp~*g28Bx;KSa>euVO`z+-kczeW;a<=?+S=f1MQ;`&`d}d^5AfFY+egkWc!CP39AfyQ}=1VlHt()E_ z1M7$I_@8ZhJ%PtNiS+k2y&uujiVJc5Gsor4Iq{=&2E7sHiH7dql=}VmE~1%wAjS=W z-US%MD#xzn+KIdbuX4}O1#U6Evu~aWyJvEnGFWtBU;QUP+JGyKj%mKTb$|Y4AvgC` M^f%}Gep;{ccMhiIP5=M^ literal 3180 zcmY+EcQhLgyT>I~#h#@`&C&{j+M^=W-m|s$Dlyu|jM=CdX-UmeTS=(BDJ7^?tEm3$ z-D;v$6|}s)_uTuw_x|;q^ZB0Vd!Elf4E~`y z_c5=z7aiXiMP0SIp3X%Zap%Z$u5o#n@rt3Ni{ZVz8sNQ!BJU_!EeP+w52WLeWfEYZ z@Su1=;YZ;`5k&D2@*gicPFW5rHfz5?FF{#FIf#;+qO6jVoPshWfnN0A4YV}H3G|$Q z5i1Zt@ppj!lK}poAI*RH1%Rg>D$|YFIKb2gpEW5N9}71w{I_3R0%+=L4gR(-Ux$}= zrm0RO$19#zUzA_G3G8i7vuD>K*KK(PwRHrBK`AvmJJmkd!pe&uC*)(P;5ld71zZ3nuS1haTTmybS^XcAe)So$acDI| zmC*^Gf!EzPXY8x~_>;H9?m{U=9jZWPu%xf2q14AY93aolJz4Lu0+{AFNooT?9dtWz`(x=LG7zcaw5@tiW6 zmN7Em+7$q-do3HSnjr~K7i$OMF~&oJ-78kIbuYA|-W$8}+aB?CWmX~#($Ss!|I7&8 zfzpcY|8#*-X9$@bd@~1Kxj!&SvaHrl<<~TWt0F&f=gH`1dGss};YfXU%L1>@5(5?8 zo|Yz-=nPBV4!`{UW?-x&DSt)i`o@H4&UT_N$3Al?kw~xEz@uIOX>_CvZqsY7E>`~< z)u*Ig9OBuoh^RM|RpcGI}(s>QSJNWeWpNW|N4DYAP|kGi@> z0_}UVlN$JJX%%~{e?gb|ER3<*#P5>xqxchlz0x zdf-!mQz6b>!Ofl~woyu43-;@;oczXcNkA>gnT4T8349H4O)Nz&(3#G2!9F=|f%zMi z;B;)}v&n`X#el-~waY$)-IZ8RPQ|dIyR)_(Xg8IaeF2p=NivE{WrI6#_Kk0qdC83) zt8Kw1lF=*v%8?z=+X<|ezsSc*XZx2~c{srB~%&tf5yj*pxL10uj$iFwb_=xkXmfAQVWy$)OTCIO2^!(%q zxwYh2rLAb*+ZHn{l6_)MkB&qfn!mdBU^9A&<25(d37M%`4oO9I?`tX-Kv?q&8RveWJfTj|C*(~?a#XX* zHc(Kk*0x$06q2$&-h*yOv-F2@<*;(v=PEq<>?(zw>`knBgne}3G$IN&q>UzqPAomA z9%$1-D5=Hok(GkAn+y0IKFm#1<*%U2ZvFBl*);k|4D|2lUJQ>MmxEpV`gh;ld1rEv zflhw7)RFQ@=6A4DN0QHvgW~bihUx8!_HXhwlU#K>8k06ja}hpatemUXh5rQ9swEiGJ1d><-1Yn+7nJy9>Sx7w z;=~!rnUdx1%RGUqAEL*(bui)Z!Hac=&(Y4ZX^#p$BrXT=!v^E!aA0no{1@99M z@y$C;m9h3otJ2vBDLjtAJ&*`3n+x`5Hr@!H72_`-KU`^z$Wr9V?F!ZXesRi~(m5uQ zrmL29!G383?}8oj3MWbIfioD)ui2eS1+{gO^4K;^_WBh@)M#hmK4#>>E&iT~IKQ0G zd%9t~Td|-nRlbA$XuS5cHYnQcIqBVru2A2 zz@*?0t6R8i+L=2C$of411@kr ziwo=QI@w;(No~GjiNPc%ecPX{8As|KFW$P%K4ssybl4l$x=H19epGEbbN?VozQPWZ zHRRz|Lz62iPT6j2wv2CWiYn)pVgetR(62!%nlN^8-#O+@W6xAVK51xO=MQ=% zM%#nP*jvSr*%2y1%2dydZL}mRwgaE_Dj3n-ym8Uj&W-)7{l+dkAo2tp81>JS(9L7Q z#TWlFvY_oJ4F54dCarark`7_Xp!ebjl3e{|tNov$sp&b)=MwaNAhs?zf*AMPWQ?E~ zKCiO$_k~+-F2Oamgl}kIs>nVceYQNeiwL8#Y>HCiTZQ7=<7xT7)9oXtoDcy;`^Lsd zMjLBJhOqg$oE>PMEx1(<|O)1HA9sm+Nu(eMq@G_by%kOo}7V{ryp4 z@T<~pv9?Z^(H7Rrr5_enmuER~)Y$8;a%>PWsXloG)WNPvuDS!;2wg{nK>bMV3V4{6eZAHBpRy z1nc~^$CBLtM4#X5r9>|`8y+fhF%rd*24!pd$azQaxq3e7rN$q}80e9h1U;hMNWJ4G zZ7TBeD>JH2%L@W5ZWuP4Zma~P+mc^9=lNx-1L?zEJ}Mp9%=v8kH_@a=S|n#(U7lj) zU=^aS+<`VRu{|vtOq4KOZMdVb?1`G0?OJf}_;DrHU4C(UqO!%RYzBoQ7ENywB1Pr7 zv(vcn<7sU!l>>UP%5OhboL<#IVF&FLuf;ofQkXbndq)P`62!6=Sh5L5N{?G=KLu7T z#Zw}ME)jjpF|E zmXHTaZWr$LoRLcT8<(k`=(C~#DS~R+23BZE0Ag+YU2(9KjC*qWk>3u;C05Q8of!d- zUFw!jFxDi!>2s$)cAcYs-Y{T!emm@^e}VWkxA;5tRrvWyvm^qzONEI}46wyN>B MoMV8L095h60D(LA`2YX_ diff --git a/application/src/test/resources/lwm2m/credentials/serverKeyStore.jks b/application/src/test/resources/lwm2m/credentials/serverKeyStore.jks index f1f03005e129985fd17b09e8dd6e0e2caa2d366f..fc541a3b18111312545da774be682ddb893d72c2 100644 GIT binary patch literal 3806 zcmezO_TO6u1_mY|W&_iFnRz9tMY*XdnTaK-$%zaMjFr!(OnJ+|8lh)uUJkHs&Ff*|-7)Tn58;G(ohq5pW^ZBF}XC&q+6y@ia zC^$PBD2VeK85)=wm>U`cNz*6^ej`JmfT^JgRKP&dP~JcmqFD^88QDo7Lm~}?+1SDM zF)>0dW@cn(c4A;T@VS|9lH1dLZ_jKt-`U6Fea+QH`BYo9IL#mhY`ZKUix`Ut^Mt&kdKuN{mQQtB zUi5*fk(H(TpaCDyakBi3jQ?4HzGY-H5CZXqL3|DaHXy~s$Y3B35>sZ8Fc51H(VZk$ zxqXJN`J@Z|H3z%zhgCAvhN1=-vnPXr8zz+tX`Lo>Xmwt;`4ciQ-RUJ$iP{g zT2z)=1Wd({+%)YhP`KWp7MPN_wAmP07`2!L85vm_Sh9C4soL}0b=E$Mg=v$soQ%&E ze-UkGh(7!8*z23GK6Ux3JW7}-CdGRxUb*$s#*H}>yS#3hWc=9SwbZeCr>?;9ccr&_ zYgxQJ(!V{(HT$V`QR>5%H$^P@+qt&id0fzvyI|3@t`COBEccC7VLd&rY7L^CxjgF5%vL_s_{?G7bKy zS)IAVKm?R*1X*|uxSKe0@{<#DGV+T{3^>7wiG|4kHQ!?`JcL1NRatlpxY#&=anH)i z&di7!(9G@(1};nrn!6{v?BTePd(kMjNR;uU^|$ugrFS$Q9umsi${YQ5&H^TdsFeM= z90yik-kWEXGgr=O`{J&$y|KM7LUoxI7hXH8CBN4cMod%AvKSoW?FOfOlv-vGHtp+D%Gs zJc(4Dp!3?mQ2w@XY2U+&4qJBf-UtR0M-HvV>(w&A3ge>joNbbJ!JgUYuAZ6QqPAQv zQ)->$ngpAsU+XTp#rL^@s{=MjR72u+>TO(gfe)|D(-6Qb2h|ya67LSJ{;U~ z=j!t7JN^Y!?~YK;neEaj@$>WA(44J%&My4R*S)D{)LMO8UGTuGsl5-*N3oSb>J z)Lvu@%h8K!V%cK1e3=wtzAp%{I$kwDp0DD0XHV~}Lt>(a&rX)h7S2h_+IP<}98nI8 zw&b9#Z#uT*m>7g0Sr@a2o|KM=nlfPCDFR|qSR>n^QvogiV9x@mC9xTLNo*EnfL$LA zvreFaKLuHbh@1iK`FxVtS7y-vtNrrlO-x^(POD+NzGweDCVTEHScmMzZ literal 3120 zcmb7?2{aUH8^>pc!7vD8SJuc-1`|edMaB}L#3hEIn2uW2`P}c^@7{CI`Of+7ciwZ}=bZolyzhB_&;LOXp|T(#9fHWR%m9ItbV+-x zKt^B&k!6&g$TD;y_aTU&h`(7NJUtQQdm?)wf;$;l{&)ms27)qt5f2d349x$LPW~07 zhj9?PR?blS-^PeIRe7>qzlKfC76Q=$T8-&-wd!1sA1ALX%mpGE>qRQyYQ@=L@jGH9 zwlzgWqguGkP2JL?Z!!ypYphpOvh!i;{et~-hS;E6h914$VaZ5!8ONS3_b=Wn@)`)i zKYN70Z;pqc=Ef9=BZ6&-7Mc9C||ERjTud|b7$z(dsId?92!yS5B)mT1E>WH));h6 zscGKlO-5>NW;KK!m=^Sm-{@5b=e{u4cc}hG#Aiyp_Pl1WDF(ielD~mC|5vv#d66?` z01p7JCm^0D)$63*1>E^R;1m^6Cvg8HCvV$h9O&?oB+R10Azjn)&E@fSqd(w4>ZEr+ z1IBT6>@K7U4KZq-^O9MPREcl;nx!Y#$n(X0Okj3TnT~m@3x}r@y^@w;WXzyC*0NR;wL1QDY4=Xe+yGKi4#Cz3P>2skNX ze>uRv?IFYOdzd0DuJ8H^e7LqzBSE~Fx3Lne^5oxq1R~R_e=}h*Tk!b@kZ_RAR;?l{ z{J^+uvHZ+;TWQu)0!|P65R+2I)-KBL-AhLu#Xs`-`u|F;9yeY!&*3cccvly^p1PMz zyMxEHw66MVhv)98S|B(H3j0?YI?D!(*#8}zC+ zG!ze)K6)xg$;W8hbE$7LnbCFK&4hh4T?=Oj>{}3gaUEkwOO-HSjF-hh`M-9KCL8FF zx<$&+g{3}q7=uCkTa@F3W*C}%9J9mCa;8t2WU)uFSJSD6*5hIUr8=*2SN3rCas z4x)TN?m?Z64X|Cv-H3++S5Lpfc5%k>H$WHo%^59yadG?RoBQ?m1>f54-AXh~P~(>R zqC^XOZtLnW@yWvVC5KaGa}jx%^;6F_Tbei~JJCLQt8O5_;aq_c)E@Z>B>!!;R3Yv>a7DsSefN9@{g5~bOq&uvm=C&ZGW_PJWzVL!{m z+V&Zd1lb$Qfpai(d|L0C+~?aPCZ)UTIF-jM*`9d; zHzS?%D(y)s)GGbj?UZa>K!DWq$lJ3hbzjmjaYRrACpu5@Q((*X;X}J{luqW90{G+` zNkJfC{dMjy7Ji1Z0Xev!&0(^?WR&fr2NF5|K(g|;@8;NN zWAdCdufb47p$JuDWwi*on_}Bq@mpN|QR_p>@WPUe>Drved6RL>seLL2RZ+kO1YeUt zE_J!GdFQ&wF-wPr{*tvR31(b5<_l`37f+1783!MaTI!mb?tgCBFm zCj}NS3Sk*Cp(aRaP=;DWk(+*7r_DRKZ%gEDal=g)_P@%?Vje2?bxqH2gztp=6a0;) zhDKc%Jb7KJI0u9&AAdD=<*Pr$H}{f@s4u-BJK@B-8a%qCKhoe@SR6NY(oYFlR+}$w zct3j0iKKxnC14)p1YgW~FRs5oI*4=Jl)r>rvQ;cAf>)V6P^Gqq;7Cw&4nkKQgIXq__R(T-&~r`Kr=kc<#4!o>-H%`Wuz8 zs(}?jTs-g9LG>B(ykbMLQ+Tq%Y@fH>nu(5&RR-o;;LVZ7h?S+xzE_EMFEqkOD(^XX zIqlf;=YQF6cyrW;E>D*?!>`YjIKVqLLU?Zv3b&hhwU&32v;;PQEvoAsri#F*ka7<& zc_;1q*ZPT~(BhZH&hB#GQ*AW>8{4i9?_$d|N*y2HJx406k(b?Ar1<1#_v&1#e#Li&t1P`~}OT}+!`r>=7 z*a}U}ha~P$MZMkXmV4JjtQFTM9bOZPvMB?7OYx`1ta`;SlF{WXrlC?AfeH)lvRjui z!?dnCtlmcR6=7OhyTshguRD@~R`Zujn6Pptx;s9x{NlNJc2j%y9~r1JT97t(|4o9j zYf0H_wHE$+qo3>w%ZGV+EL|(KIY352RtdVzbDY$h3h7)~g0z0ygEt5F{qj;EmjY(d z0T~&WsKR97y(@-B#Wn0Ttx2W|BV%)9OE7-U^8VGpv)<63&H9;y>(BR2@h+afz{{_8 zgGUCE@+m8`NLv5wo%ve^47(q2^;JKD8@!R7?K6(Ak;g%mRRH@hV~)=snhOUarRy75 zx)iA%8O4MjRgDYs$*MMBNqol1JF>CL5SoaFr zI4I$}{w)@M=v7w=C@)e^yFuvI^p?z50d1`xeBHOqcPT}v!Ii;XXUAdD6y?tA-2TUA zdc-adXpE1Ydo61DYOsyXi&+R}eb)WfJ#jPIf~UP8YIXDv1e!M%$dLm{eSY*_FJb%ZDa!T^?GqXP+m0raq|ZrxS|MbSSj qL;D3%%-d?jak~%bVSeI3r^Om(r)};qh1!z#p-K Date: Tue, 8 Jun 2021 10:50:36 +0300 Subject: [PATCH 2/3] fixed lwm2m x509 with cert security --- ...LwM2mCredentialsSecurityInfoValidator.java | 12 +-- .../TbLwM2MDtlsCertificateVerifier.java | 75 +++++++------------ .../server/client/LwM2mClientContextImpl.java | 2 - 3 files changed, 35 insertions(+), 54 deletions(-) diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java index c57c2295c6..13d6fd6568 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java @@ -22,16 +22,16 @@ import org.eclipse.leshan.server.security.SecurityInfo; import org.springframework.stereotype.Component; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.StringUtils; +import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials; import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode; +import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials; +import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredentials; import org.thingsboard.server.common.transport.TransportServiceCallback; import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse; import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; -import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials; -import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredentials; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportUtil; @@ -104,9 +104,10 @@ public class LwM2mCredentialsSecurityInfoValidator { result.setEndpoint(endpoint); result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode()); } else { + result.setEndpoint(credentials.getClient().getEndpoint()); switch (credentials.getClient().getSecurityConfigClientMode()) { case NO_SEC: - createClientSecurityInfoNoSec(result, endpoint); + createClientSecurityInfoNoSec(result); break; case PSK: createClientSecurityInfoPSK(result, endpoint, credentials.getClient()); @@ -125,8 +126,7 @@ public class LwM2mCredentialsSecurityInfoValidator { return result; } - private void createClientSecurityInfoNoSec(TbLwM2MSecurityInfo result, String endpoint) { - result.setEndpoint(endpoint); + private void createClientSecurityInfoNoSec(TbLwM2MSecurityInfo result) { result.setSecurityInfo(null); result.setSecurityMode(NO_SEC); } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index 7b81e733bc..dcd7fa89bb 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -29,22 +29,21 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; import org.eclipse.californium.scandium.util.ServerNames; +import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; -import org.springframework.util.StringUtils; import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.DeviceProfile; import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode; +import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials; import org.thingsboard.server.common.msg.EncryptionUtil; -import org.thingsboard.server.common.transport.TransportService; -import org.thingsboard.server.common.transport.TransportServiceCallback; import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse; import org.thingsboard.server.common.transport.util.SslUtil; -import org.thingsboard.server.gen.transport.TransportProtos; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; -import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials; +import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportUtil; +import org.thingsboard.server.transport.lwm2m.server.store.TbEditableSecurityStore; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import javax.annotation.PostConstruct; @@ -57,8 +56,6 @@ import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.List; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; @Slf4j @Component @@ -66,9 +63,10 @@ import java.util.concurrent.TimeUnit; @RequiredArgsConstructor public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVerifier { - private final TransportService transportService; private final TbLwM2MDtlsSessionStore sessionStorage; private final LwM2MTransportServerConfig config; + private final LwM2mCredentialsSecurityInfoValidator securityInfoValidator; + private final TbEditableSecurityStore securityStore; @SuppressWarnings("deprecation") private StaticCertificateVerifier staticCertificateVerifier; @@ -119,48 +117,33 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer String strCert = SslUtil.getCertificateString(cert); String sha3Hash = EncryptionUtil.getSha3Hash(strCert); - final ValidateDeviceCredentialsResponse[] deviceCredentialsResponse = new ValidateDeviceCredentialsResponse[1]; - CountDownLatch latch = new CountDownLatch(1); - transportService.process(TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg.newBuilder().setCredentialsId(sha3Hash).build(), - new TransportServiceCallback<>() { - @Override - public void onSuccess(ValidateDeviceCredentialsResponse msg) { - if (!StringUtils.isEmpty(msg.getCredentials())) { - deviceCredentialsResponse[0] = msg; - } - latch.countDown(); - } - - @Override - public void onError(Throwable e) { - log.error(e.getMessage(), e); - latch.countDown(); - } - }); - if (latch.await(10, TimeUnit.SECONDS)) { - ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; - if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { - LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); - if(!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)){ - continue; - } - X509ClientCredentials config = (X509ClientCredentials) credentials.getClient(); - String certBody = config.getCert(); - String endpoint = config.getEndpoint(); - if (strCert.equals(certBody)) { - x509CredentialsFound = true; - DeviceProfile deviceProfile = msg.getDeviceProfile(); - if (msg.hasDeviceInfo() && deviceProfile != null) { - sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); - break; + TbLwM2MSecurityInfo securityInfo = securityInfoValidator.getEndpointSecurityInfoByCredentialsId(sha3Hash, LwM2mTransportUtil.LwM2mTypeServer.CLIENT); + ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null; + if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { + LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); + if (!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)) { + continue; + } + X509ClientCredentials config = (X509ClientCredentials) credentials.getClient(); + String certBody = config.getCert(); + String endpoint = config.getEndpoint(); + if (strCert.equals(certBody)) { + x509CredentialsFound = true; + DeviceProfile deviceProfile = msg.getDeviceProfile(); + if (msg.hasDeviceInfo() && deviceProfile != null) { + sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); + try { + securityStore.put(securityInfo); + } catch (NonUniqueSecurityInfoException e) { + log.trace("Failed to add security info: {}", securityInfo, e); } - } else { - log.trace("[{}][{}] Certificate mismatch. Expected: {}, Actual: {}", endpoint, sha3Hash, strCert, certBody); + break; } + } else { + log.trace("[{}][{}] Certificate mismatch. Expected: {}, Actual: {}", endpoint, sha3Hash, strCert, certBody); } } - } catch (InterruptedException | - CertificateEncodingException | + } catch (CertificateEncodingException | CertificateExpiredException | CertificateNotYetValidException e) { log.error(e.getMessage(), e); diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/client/LwM2mClientContextImpl.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/client/LwM2mClientContextImpl.java index ac57040d7b..aa204ae868 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/client/LwM2mClientContextImpl.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/client/LwM2mClientContextImpl.java @@ -19,7 +19,6 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.eclipse.leshan.core.node.LwM2mPath; import org.eclipse.leshan.server.registration.Registration; -import org.eclipse.leshan.server.security.EditableSecurityStore; import org.springframework.stereotype.Service; import org.thingsboard.server.common.data.DeviceProfile; import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse; @@ -29,7 +28,6 @@ import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportUtil; import org.thingsboard.server.transport.lwm2m.server.store.TbEditableSecurityStore; -import org.thingsboard.server.transport.lwm2m.server.store.TbSecurityStore; import java.util.Arrays; import java.util.Collection; From 7dc6ee10d889add002eba31eb4355ed93e398d33 Mon Sep 17 00:00:00 2001 From: YevhenBondarenko Date: Tue, 8 Jun 2021 11:57:41 +0300 Subject: [PATCH 3/3] refactored --- .../server/transport/TransportSqlTestSuite.java | 14 +++++++------- .../lwm2m/server/store/TbLwM2mStoreFactory.java | 7 +------ 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/application/src/test/java/org/thingsboard/server/transport/TransportSqlTestSuite.java b/application/src/test/java/org/thingsboard/server/transport/TransportSqlTestSuite.java index d059ea1449..25df3bee00 100644 --- a/application/src/test/java/org/thingsboard/server/transport/TransportSqlTestSuite.java +++ b/application/src/test/java/org/thingsboard/server/transport/TransportSqlTestSuite.java @@ -26,13 +26,13 @@ import java.util.Arrays; @RunWith(ClasspathSuite.class) @ClasspathSuite.ClassnameFilters({ -// "org.thingsboard.server.transport.*.rpc.sql.*Test", -// "org.thingsboard.server.transport.*.telemetry.timeseries.sql.*Test", -// "org.thingsboard.server.transport.*.telemetry.attributes.sql.*Test", -// "org.thingsboard.server.transport.*.attributes.updates.sql.*Test", -// "org.thingsboard.server.transport.*.attributes.request.sql.*Test", -// "org.thingsboard.server.transport.*.claim.sql.*Test", -// "org.thingsboard.server.transport.*.provision.sql.*Test", + "org.thingsboard.server.transport.*.rpc.sql.*Test", + "org.thingsboard.server.transport.*.telemetry.timeseries.sql.*Test", + "org.thingsboard.server.transport.*.telemetry.attributes.sql.*Test", + "org.thingsboard.server.transport.*.attributes.updates.sql.*Test", + "org.thingsboard.server.transport.*.attributes.request.sql.*Test", + "org.thingsboard.server.transport.*.claim.sql.*Test", + "org.thingsboard.server.transport.*.provision.sql.*Test", "org.thingsboard.server.transport.lwm2m.*Test" }) public class TransportSqlTestSuite { diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mStoreFactory.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mStoreFactory.java index 3dd9ebd3ed..154de636de 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mStoreFactory.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mStoreFactory.java @@ -17,19 +17,14 @@ package org.thingsboard.server.transport.lwm2m.server.store; import org.eclipse.leshan.server.californium.registration.CaliforniumRegistrationStore; import org.eclipse.leshan.server.californium.registration.InMemoryRegistrationStore; -import org.eclipse.leshan.server.security.EditableSecurityStore; -import org.eclipse.leshan.server.security.InMemorySecurityStore; -import org.eclipse.leshan.server.security.SecurityStore; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import org.thingsboard.server.cache.TBRedisCacheConfiguration; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.secure.LwM2mCredentialsSecurityInfoValidator; -import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext; import java.util.Optional; @@ -56,7 +51,7 @@ public class TbLwM2mStoreFactory { } @Bean - private TbSecurityStore securityStore() { + private TbEditableSecurityStore securityStore() { return new TbLwM2mSecurityStore(redisConfiguration.isPresent() && useRedis ? new TbLwM2mRedisSecurityStore(redisConfiguration.get().redisConnectionFactory()) : new TbInMemorySecurityStore(), validator); }