diff --git a/application/src/main/resources/logback.xml b/application/src/main/resources/logback.xml
index 6d10a74854..25a021c5f0 100644
--- a/application/src/main/resources/logback.xml
+++ b/application/src/main/resources/logback.xml
@@ -34,6 +34,9 @@
+
+
+
@@ -41,4 +44,4 @@
-
\ No newline at end of file
+
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index f90f35a42b..cadabb92ae 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -577,7 +577,7 @@ transport:
# model_path_file: "${LWM2M_MODEL_PATH_FILE:./common/transport/lwm2m/src/main/resources/models/}"
model_path_file: "${LWM2M_MODEL_PATH_FILE:}"
recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
- recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:false}"
+ recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
request_pool_size: "${LWM2M_REQUEST_POOL_SIZE:100}"
request_error_pool_size: "${LWM2M_REQUEST_ERROR_POOL_SIZE:10}"
registered_pool_size: "${LWM2M_REGISTERED_POOL_SIZE:10}"
@@ -593,7 +593,7 @@ transport:
key_store_path_file: "${KEY_STORE_PATH_FILE:}"
key_store_password: "${LWM2M_KEYSTORE_PASSWORD_SERVER:server_ks_password}"
root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"
- enable_gen_psk_rpk: "${ENABLE_GEN_PSK_RPK:true}"
+ enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}"
server:
id: "${LWM2M_SERVER_ID:123}"
bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
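Review bot: Renaming the override variable from `ENABLE_GEN_PSK_RPK` to `ENABLE_GEN_NEW_KEY_PSK_RPK` on line 31 while also flipping its default means any deployment that exported the old name loses its setting silently, and the initializer (line 423) reads only the new getter, so there is no fallback. If the rename is intended, document it next to the key, e.g. `# Renamed from ENABLE_GEN_PSK_RPK; when true, presumably regenerates the PSK/RPK key material on startup (see LWM2MGenerationPSkRPkECC)`, and mention the old name in the release notes. The default of `false` looks like the safer choice, since regenerating keys on every start would invalidate previously distributed public keys.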
@@ -602,11 +602,14 @@ transport:
bind_address_security: "${LWM2M_BIND_ADDRESS_SECURITY:0.0.0.0}"
bind_port_security: "${LWM2M_BIND_PORT_SECURITY:5686}"
# Only for RPK: Public & Private Key. If the keystore file is missing or not working
-# create_rpk: "${CREATE_RPK:}"
- public_x: "${LWM2M_SERVER_PUBLIC_X:405354ea8893471d9296afbc8b020a5c6201b0bb25812a53b849d4480fa5f069}"
- public_y: "${LWM2M_SERVER_PUBLIC_Y:30c9237e946a3a1692c1cafaa01a238a077f632c99371348337512363f28212b}"
- private_s: "${LWM2M_SERVER_PRIVATE_S:274671fe40ce937b8a6352cf0a418e8a39e4bf0bb9bf74c910db953c20c73802}"
- # Only Certificate_x509:
+ # create_rpk: "${CREATE_RPK:}"
+# - Public Key (Hex): [ 3059301306072a8648ce3d020106082a8648ce3d03010703420004b47a14ea87ab31cce28f24df0ae0a4cfcdb845134bcd088f2fac393b4d4843d140ebc1bfd8f5e0ec402fb8308c5c07bc380783276a385f89ef0da0b1a2545c25 ]
+# - Private Key (Hex): [ 3041020100301306072a8648ce3d020106082a8648ce3d030107042730250201010420b65b265abfb9e67be12a7699c13123cf081c72c974688fb4faba82be129ef367 ],
+# - Elliptic Curve parameters: [ secp256r1 [ NIST P-256, X9.62 prime256v1 ] (1.2.840.10045.3.1.7) ]
+ public_x: "${LWM2M_SERVER_PUBLIC_X:b47a14ea87ab31cce28f24df0ae0a4cfcdb845134bcd088f2fac393b4d4843d1}"
+ public_y: "${LWM2M_SERVER_PUBLIC_Y:40ebc1bfd8f5e0ec402fb8308c5c07bc380783276a385f89ef0da0b1a2545c25}"
+ private_s: "${LWM2M_SERVER_PRIVATE_S:b65b265abfb9e67be12a7699c13123cf081c72c974688fb4faba82be129ef367}"
+ # Only Certificate_x509:
alias: "${LWM2M_KEYSTORE_ALIAS_SERVER:server}"
bootstrap:
enable: "${LWM2M_BOOTSTRAP_ENABLED:true}"
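Review bot: The `private_s` default on line 50 is a live EC private scalar committed to the repository, and lines 45-46 additionally paste the full DER-encoded key pair into a comment, so every deployment that does not set `LWM2M_SERVER_PRIVATE_S` runs on a private key that is public and the RPK identity gives no authentication. The same applies to the bootstrap key on line 65. If the code already generates a key when the value is empty (the `create_rpk` comment on line 44 hints at such a path, but it is not visible here), prefer `private_s: "${LWM2M_SERVER_PRIVATE_S:}"` as the default; in any case drop the private-key line from the comment and keep only the public key and curve lines as the documented example.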
@@ -617,10 +620,10 @@ transport:
bind_address_security: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"
bind_port_security: "${LWM2M_BIND_PORT_SEC_BS:5688}"
# Only for RPK: Public & Private Key. If the keystore file is missing or not working
- public_x: "${LWM2M_SERVER_PUBLIC_X_BS:993ef2b698c6a9c0c1d8be78b13a9383c0854c7c7c7a504d289b403794648183}"
- public_y: "${LWM2M_SERVER_PUBLIC_Y_BS:267412d5fc4e5ceb2257cb7fd7f76ebdac2fa9aa100afb162e990074cc0bfaa2}"
- private_s: "${LWM2M_SERVER_PRIVATE_S_BS:9dbdbb073fc63570693a9aaf1013414e261c571f27e27fc6a8c1c2ad9347875a}"
- # Only Certificate_x509:
+ public_x: "${LWM2M_SERVER_PUBLIC_X_BS:f6e4e77f76296472bd72acfb6b2dd26fd858042f9075b44b45e2ebeb41cae387}"
+ public_y: "${LWM2M_SERVER_PUBLIC_Y_BS:3e97534c6b833639f71916041b0596ecd616748d81174d19c59ef02bbb21c822}"
+ private_s: "${LWM2M_SERVER_PRIVATE_S_BS:3e97534c6b833639f71916041b0596ecd616748d81174d19c59ef02bbb21c822}"
+ # Only Certificate_x509:
alias: "${LWM2M_KEYSTORE_ALIAS_BOOTSTRAP:bootstrap}"
# Redis
redis_url: "${LWM2M_REDIS_URL:''}"
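Review bot: `public_y` on line 64 and `private_s` on line 65 carry the identical value `3e97534c…bb21c822`, which cannot be a consistent key pair; the private scalar has almost certainly been pasted over with the Y coordinate. Depending on how `generateKeyForBootstrapRPK` consumes the three values (outside this diff), bootstrap RPK handshakes with the defaults will fail or the advertised public key will not match the key actually used. Regenerate the bootstrap pair and paste the correct `private_s`, and cross-check the three values against what the new `infoParamsBootstrapServerKey` log line prints.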
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
index ecc8e7c83e..80d3187cc0 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
@@ -52,7 +52,15 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;
import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandler.getCoapConfig;
@@ -62,6 +70,7 @@ import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandle
public class LwM2MTransportBootstrapServerConfiguration {
private PublicKey publicKey;
private PrivateKey privateKey;
+ private boolean pskMode = false;
@Autowired
private LwM2MTransportContextBootstrap contextBs;
@@ -105,9 +114,24 @@ public class LwM2MTransportBootstrapServerConfiguration {
/** Create and Set DTLS Config */
DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder();
- dtlsConfig.setRecommendedSupportedGroupsOnly(!this.contextS.getCtxServer().isRecommendedSupportedGroups());
+ dtlsConfig.setRecommendedSupportedGroupsOnly(this.contextS.getCtxServer().isRecommendedSupportedGroups());
dtlsConfig.setRecommendedCipherSuitesOnly(this.contextS.getCtxServer().isRecommendedCiphers());
- dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ if (this.pskMode) {
+ dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256);
+ }
+ else {
+// dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+ }
/** Set DTLS Config */
builder.setDtlsConfig(dtlsConfig);
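Review bot: `this.pskMode` is read on line 102 but only assigned in the X509/RPK fallback path (line 139), so the PSK-only branch takes effect only if that setup runs before this DTLS block; the call order is outside the hunk and should be confirmed, otherwise ECDHE suites are advertised even when no server key was loaded. The list on lines 107-116 also adds the CBC suites (`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `…_128_CBC_SHA256`, `…_256_CBC_SHA384`), which Scandium does not classify as recommended — as far as I recall its builder rejects them when `setRecommendedCipherSuitesOnly(true)` is in effect, and otherwise they re-enable non-AEAD MAC-then-encrypt modes that the GCM/CCM suites already listed make unnecessary, so unless a specific client requires CBC keep the list to the AEAD suites. The commented-out previous call on line 106 should be deleted rather than kept as dead code. The same block appears in LwM2MTransportServerConfiguration (hunk ending at line 298); the enclosing method starts and ends outside this hunk.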
@@ -133,14 +157,16 @@ public class LwM2MTransportBootstrapServerConfiguration {
/** by default trust all */
builder.setTrustedCertificates(new X509Certificate[0]);
}
- } else if (this.setServerRPK(builder)) {
- this.infoParamsServerRPK();
- } else {
- /** by default trust all */
- builder.setTrustedCertificates(new X509Certificate[0]);
- log.info("Unable to load X509 files for BootStrapServer");
- this.infoParamsServerPSK();
}
+ } else if (this.setServerRPK(builder)) {
+ this.infoPramsUri("RPK");
+ this.infoParamsBootstrapServerKey(this.publicKey, this.privateKey);
+ } else {
+ /** by default trust all */
+ builder.setTrustedCertificates(new X509Certificate[0]);
+ log.info("Unable to load X509 files for BootStrapServer");
+ this.pskMode = true;
+ this.infoPramsUri("PSK");
}
} catch (KeyStoreException ex) {
log.error("[{}] Unable to load X509 files server", ex.getMessage());
@@ -175,15 +201,23 @@ public class LwM2MTransportBootstrapServerConfiguration {
private void infoParamsServerX509(X509Certificate certificate, PublicKey publicKey, PrivateKey privateKey) {
try {
- log.info("Bootstrap Server uses X509 : \n X509 Certificate (Hex): [{}] \n Public Key (Hex): [{}] \n Private Key (Hex): [{}]",
- Hex.encodeHexString(certificate.getEncoded()),
- Hex.encodeHexString(publicKey.getEncoded()),
- Hex.encodeHexString(privateKey.getEncoded()));
+ this.infoPramsUri("X509");
+ log.info("\n- X509 Certificate (Hex): [{}]",
+ Hex.encodeHexString(certificate.getEncoded()));
+ this.infoParamsBootstrapServerKey(publicKey, privateKey);
} catch (CertificateEncodingException e) {
log.error("", e);
}
}
+ private void infoPramsUri(String mode) {
+ log.info("Bootstrap Server uses [{}]: serverNoSecureURI : [{}], serverSecureURI : [{}]",
+ mode,
+ this.contextBs.getCtxBootStrap().getBootstrapHost() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortNoSec(),
+ this.contextBs.getCtxBootStrap().getBootstrapHostSecurity() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortSecurity());
+ }
+
+
private boolean setServerRPK(LeshanBootstrapServerBuilder builder) {
try {
this.generateKeyForBootstrapRPK();
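Review bot: `infoParamsServerX509` now calls `infoParamsBootstrapServerKey(publicKey, privateKey)` on line 154, which casts the key to `ECPublicKey` (line 177); for a keystore entry whose key is not EC that cast throws `ClassCastException`, and the `catch (CertificateEncodingException e)` on line 155 does not cover it, whereas the old code only called `getEncoded()` and could not fail that way. Guard the call, `if (publicKey instanceof ECPublicKey) { this.infoParamsBootstrapServerKey(publicKey, privateKey); }`, or catch the cast failure alongside. The new method name `infoPramsUri` reads as a typo for `infoParamsUri` (same on line 348 of the server configuration), and the double blank line at 165-166 is a style nit.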
@@ -231,41 +265,31 @@ public class LwM2MTransportBootstrapServerConfiguration {
}
}
- private void infoParamsServerRPK() {
+ private void infoParamsBootstrapServerKey(PublicKey publicKey, PrivateKey privateKey) {
/** Get x coordinate */
- byte[] x = ((ECPublicKey) this.publicKey).getW().getAffineX().toByteArray();
+ byte[] x = ((ECPublicKey) publicKey).getW().getAffineX().toByteArray();
if (x[0] == 0)
x = Arrays.copyOfRange(x, 1, x.length);
/** Get Y coordinate */
- byte[] y = ((ECPublicKey) this.publicKey).getW().getAffineY().toByteArray();
+ byte[] y = ((ECPublicKey) publicKey).getW().getAffineY().toByteArray();
if (y[0] == 0)
y = Arrays.copyOfRange(y, 1, y.length);
/** Get Curves params */
- String params = ((ECPublicKey) this.publicKey).getParams().toString();
- String privHex = Hex.encodeHexString(this.privateKey.getEncoded());
- log.info("Server uses RPK -> serverNoSecureURI : [{}], serverSecureURI : [{}], \n" +
- "Public Key (Hex): [{}] \n" +
- "Private Key (Hex): [{}], \n" +
- "- public_x : [{}] \n" +
- "- public_y : [{}] \n" +
- "- private_s : [{}] \n" +
+ String params = ((ECPublicKey) publicKey).getParams().toString();
+ String privHex = Hex.encodeHexString(privateKey.getEncoded());
+ log.info("\n- Public Key (Hex): [{}] \n" +
+ "- Private Key (Hex): [{}], \n" +
+ "public_x: \"${LWM2M_SERVER_PUBLIC_X_BS:{}}\" \n" +
+ "public_y: \"${LWM2M_SERVER_PUBLIC_Y_BS:{}}\" \n" +
+ "private_s: \"${LWM2M_SERVER_PRIVATE_S_BS:{}}\" \n" +
"- Elliptic Curve parameters : [{}]",
- this.contextBs.getCtxBootStrap().getBootstrapHost() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortNoSec(),
- this.contextBs.getCtxBootStrap().getBootstrapHostSecurity() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortSecurity(),
- Hex.encodeHexString(this.publicKey.getEncoded()),
- Hex.encodeHexString(this.privateKey.getEncoded()),
+ Hex.encodeHexString(publicKey.getEncoded()),
+ Hex.encodeHexString(privateKey.getEncoded()),
Hex.encodeHexString(x),
Hex.encodeHexString(y),
privHex.substring(privHex.length() - 64),
params);
}
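Review bot: The reshaped `infoParamsBootstrapServerKey` still writes the full private key at INFO level — line 207 logs its DER encoding and line 210 the raw scalar — and the new format on lines 198-200 lays it out as a ready-to-paste `private_s` config line, so every RPK start-up (and now every X509 start-up via line 154) deposits the server's DTLS identity key into whatever log aggregation the deployment uses. Log only the public coordinates and curve parameters at INFO; if the paste-ready private line is wanted for first-time setup, emit it at DEBUG behind an explicit opt-in. The same applies to `infoParamsServerKey` in the server configuration (hunk ending at line 407), which logs `privHex` on line 402 as well.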
-
- private void infoParamsServerPSK() {
- log.info("Server uses PSK -> serverNoSecureURI : [{}], serverSecureURI : [{}]",
- this.contextBs.getCtxBootStrap().getBootstrapHost() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortNoSec(),
- this.contextBs.getCtxBootStrap().getBootstrapHostSecurity() + ":" + this.contextBs.getCtxBootStrap().getBootstrapPortSecurity());
- }
-
}
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
index 48ff2adc51..fbe25028f1 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
@@ -19,7 +19,6 @@ import lombok.extern.slf4j.Slf4j;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeDecoder;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeEncoder;
-import org.eclipse.leshan.core.node.codec.LwM2mNodeDecoder;
import org.eclipse.leshan.core.util.Hex;
import org.eclipse.leshan.server.californium.LeshanServer;
import org.eclipse.leshan.server.californium.LeshanServerBuilder;
@@ -54,7 +53,15 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;
import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandler.getCoapConfig;
@@ -64,6 +71,7 @@ import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandle
public class LwM2MTransportServerConfiguration {
private PublicKey publicKey;
private PrivateKey privateKey;
+ private boolean pskMode = false;
@Autowired
private LwM2MTransportContextServer context;
@@ -81,9 +89,8 @@ public class LwM2MTransportServerConfiguration {
LeshanServerBuilder builder = new LeshanServerBuilder();
builder.setLocalAddress(this.context.getCtxServer().getServerHost(), serverPortNoSec);
builder.setLocalSecureAddress(this.context.getCtxServer().getServerHostSecurity(), serverSecurePort);
- builder.setEncoder(new DefaultLwM2mNodeEncoder());
- LwM2mNodeDecoder decoder = new DefaultLwM2mNodeDecoder();
- builder.setDecoder(decoder);
+ builder.setDecoder(new DefaultLwM2mNodeDecoder());
+ /** Use a magic converter to support bad type send by the UI. */
builder.setEncoder(new DefaultLwM2mNodeEncoder(LwM2mValueConverterImpl.getInstance()));
/** Create CoAP Config */
@@ -102,17 +109,30 @@ public class LwM2MTransportServerConfiguration {
/** Create DTLS Config */
DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder();
- dtlsConfig.setRecommendedSupportedGroupsOnly(!this.context.getCtxServer().isRecommendedSupportedGroups());
+ dtlsConfig.setRecommendedSupportedGroupsOnly(this.context.getCtxServer().isRecommendedSupportedGroups());
dtlsConfig.setRecommendedCipherSuitesOnly(this.context.getCtxServer().isRecommendedCiphers());
- dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ if (this.pskMode) {
+ dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256);
+ }
+ else {
+// dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
+// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+ }
+
/** Set DTLS Config */
builder.setDtlsConfig(dtlsConfig);
- /** Use a magic converter to support bad type send by the UI. */
- builder.setEncoder(new DefaultLwM2mNodeEncoder(LwM2mValueConverterImpl.getInstance()));
-
-
/** Create LWM2M server */
return builder.build();
}
@@ -138,14 +158,16 @@ public class LwM2MTransportServerConfiguration {
return endpoint.startsWith(expectedX509CommonName);
}
}));
- } else if (this.setServerRPK(builder)) {
- this.infoParamsServerRPK();
- } else {
- /** by default trust all */
- builder.setTrustedCertificates(new X509Certificate[0]);
- log.info("Unable to load X509 files for LWM2MServer");
- this.infoParamsServerPSK();
}
+ } else if (this.setServerRPK(builder)) {
+ this.infoPramsUri("RPK");
+ this.infoParamsServerKey(this.publicKey, this.privateKey);
+ } else {
+ /** by default trust all */
+ builder.setTrustedCertificates(new X509Certificate[0]);
+ log.info("Unable to load X509 files for LWM2MServer");
+ this.pskMode = true;
+ this.infoPramsUri("PSK");
}
} catch (KeyStoreException ex) {
log.error("[{}] Unable to load X509 files server", ex.getMessage());
@@ -169,8 +191,7 @@ public class LwM2MTransportServerConfiguration {
builder.setCertificateChain(new X509Certificate[]{serverCertificate});
this.infoParamsServerX509(serverCertificate, publicKey, privateKey);
return true;
- }
- else {
+ } else {
return false;
}
} catch (Exception ex) {
@@ -181,15 +202,22 @@ public class LwM2MTransportServerConfiguration {
private void infoParamsServerX509(X509Certificate certificate, PublicKey publicKey, PrivateKey privateKey) {
try {
- log.info("Server uses X509 : \n X509 Certificate (Hex): [{}] \n Public Key (Hex): [{}] \n Private Key (Hex): [{}]",
- Hex.encodeHexString(certificate.getEncoded()),
- Hex.encodeHexString(publicKey.getEncoded()),
- Hex.encodeHexString(privateKey.getEncoded()));
+ infoPramsUri("X509");
+ log.info("\n- X509 Certificate (Hex): [{}]",
+ Hex.encodeHexString(certificate.getEncoded()));
+ this.infoParamsServerKey(publicKey, privateKey);
} catch (CertificateEncodingException e) {
log.error("", e);
}
}
+ private void infoPramsUri(String mode) {
+ log.info("Server uses [{}]: serverNoSecureURI : [{}], serverSecureURI : [{}]",
+ mode,
+ this.context.getCtxServer().getServerHost() + ":" + this.context.getCtxServer().getServerPortNoSec(),
+ this.context.getCtxServer().getServerHostSecurity() + ":" + this.context.getCtxServer().getServerPortSecurity());
+ }
+
private boolean setServerRPK(LeshanServerBuilder builder) {
try {
this.generateKeyForRPK();
@@ -207,7 +235,7 @@ public class LwM2MTransportServerConfiguration {
/**
- * From yml^ server
+ * From yml: server
* public_x: "${LWM2M_SERVER_PUBLIC_X:405354ea8893471d9296afbc8b020a5c6201b0bb25812a53b849d4480fa5f069}"
* public_y: "${LWM2M_SERVER_PUBLIC_Y:30c9237e946a3a1692c1cafaa01a238a077f632c99371348337512363f28212b}"
* private_s: "${LWM2M_SERVER_PRIVATE_S:274671fe40ce937b8a6352cf0a418e8a39e4bf0bb9bf74c910db953c20c73802}"
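Review bot: The javadoc example values on lines 362-364 still show the previous defaults (`405354ea…`, `30c9237e…`, `274671fe…`) that this same commit replaces in thingsboard.yml (diff lines 48-50), so the corrected `From yml: server` heading now points at stale keys. Since the real defaults live in the yml, replace the three value lines with a reference such as `* public_x / public_y / private_s: see transport.lwm2m.server in thingsboard.yml` instead of copying hex that will drift again; a private key does not belong in a javadoc comment either way. The comment block and its method continue outside the hunk.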
@@ -241,41 +269,32 @@ public class LwM2MTransportServerConfiguration {
}
}
- private void infoParamsServerRPK() {
+ private void infoParamsServerKey(PublicKey publicKey, PrivateKey privateKey) {
/** Get x coordinate */
- byte[] x = ((ECPublicKey) this.publicKey).getW().getAffineX().toByteArray();
+ byte[] x = ((ECPublicKey) publicKey).getW().getAffineX().toByteArray();
if (x[0] == 0)
x = Arrays.copyOfRange(x, 1, x.length);
/** Get Y coordinate */
- byte[] y = ((ECPublicKey) this.publicKey).getW().getAffineY().toByteArray();
+ byte[] y = ((ECPublicKey) publicKey).getW().getAffineY().toByteArray();
if (y[0] == 0)
y = Arrays.copyOfRange(y, 1, y.length);
/** Get Curves params */
- String params = ((ECPublicKey) this.publicKey).getParams().toString();
- String privHex = Hex.encodeHexString(this.privateKey.getEncoded());
- log.info("Server uses RPK -> serverNoSecureURI : [{}], serverSecureURI : [{}], \n" +
- "Public Key (Hex): [{}] \n" +
- "Private Key (Hex): [{}], \n" +
- "- public_x : [{}] \n" +
- "- public_y : [{}] \n" +
- "- private_s : [{}] \n" +
+ String params = ((ECPublicKey) publicKey).getParams().toString();
+ String privHex = Hex.encodeHexString(privateKey.getEncoded());
+ log.info(" \n- Public Key (Hex): [{}] \n" +
+ "- Private Key (Hex): [{}], \n" +
+ "public_x: \"${LWM2M_SERVER_PUBLIC_X:{}}\" \n" +
+ "public_y: \"${LWM2M_SERVER_PUBLIC_Y:{}}\" \n" +
+ "private_s: \"${LWM2M_SERVER_PRIVATE_S:{}}\" \n" +
"- Elliptic Curve parameters : [{}]",
- this.context.getCtxServer().getServerHost() + ":" + this.context.getCtxServer().getServerPortNoSec(),
- this.context.getCtxServer().getServerHostSecurity() + ":" + this.context.getCtxServer().getServerPortSecurity(),
- Hex.encodeHexString(this.publicKey.getEncoded()),
- Hex.encodeHexString(this.privateKey.getEncoded()),
+ Hex.encodeHexString(publicKey.getEncoded()),
+ privHex,
Hex.encodeHexString(x),
Hex.encodeHexString(y),
privHex.substring(privHex.length() - 64),
params);
}
- private void infoParamsServerPSK() {
- log.info("Server uses PSK -> serverNoSecureURI : [{}], serverSecureURI : [{}]",
- this.context.getCtxServer().getServerHost() + ":" + Integer.toString(this.context.getCtxServer().getServerPortNoSec()),
- this.context.getCtxServer().getServerHostSecurity() + ":" + Integer.toString(this.context.getCtxServer().getServerPortSecurity()));
- }
-
}
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerInitializer.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerInitializer.java
index b62287a845..2805fd7f91 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerInitializer.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerInitializer.java
@@ -41,7 +41,7 @@ public class LwM2MTransportServerInitializer {
@PostConstruct
public void init() {
- if (this.context.getCtxServer().getEnableGenPskRpk()) {
+ if (this.context.getCtxServer().getEnableGenNewKeyPskRpk()) {
new LWM2MGenerationPSkRPkECC();
}
this.startLhServer();
diff --git a/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks b/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks
index 5fcb65d351..9f6748f8fd 100644
Binary files a/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks and b/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks differ
diff --git a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
index 3167cca2b5..dcf38b4f10 100755
--- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
+++ b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
# Copyright © 2016-2021 The Thingsboard Authors
#
@@ -15,77 +15,35 @@
# limitations under the License.
#
-#p) CLIENT_CN=LwX50900000000
+#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password
+
+#p) CLIENT_CN=$CLIENT_PREFIX00000000
#s) client_start=0
#f) client_finish=1
-#a) CLIENT_ALIAS=client_alias_00000000
+#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000
+#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000
#b) BOOTSTRAP_ALIAS=bootstrap
#d) SERVER_ALIAS=server
#j) SERVER_STORE=serverKeyStore.jks
#k) CLIENT_STORE=clientKeyStore.jks
#c) CLIENT_STORE_PWD=client_ks_password
#w) SERVER_STORE_PWD=server_ks_password
+#l) ROOT_KEY_ALIAS=root_key_alias
-#while test $# -gt 0; do
-# case "$1" in
-# -h|--help)
-# echo "$package - attempt to capture frames"
-# echo " "
-# echo "$package [options] application [arguments]"
-# echo " "
-# echo "options:"
-# echo "-h, --help show brief help"
-# echo "-a, --action=ACTION specify an action to use"
-# echo "-o, --output-dir=DIR specify a directory to store output in"
-# exit 0
-# ;;
-# -a)
-# shift
-# if test $# -gt 0; then
-# export PROCESS=$1
-# else
-# echo "no process specified"
-# exit 1
-# fi
-# shift
-# ;;
-# --action*)
-# export PROCESS=`echo $1 | sed -e 's/^[^=]*=//g'`
-# shift
-# ;;
-# -o)
-# shift
-# if test $# -gt 0; then
-# export OUTPUT=$1
-# else
-# echo "no output dir specified"
-# exit 1
-# fi
-# shift
-# ;;
-# --output-dir*)
-# export OUTPUT=`echo $1 | sed -e 's/^[^=]*=//g'`
-# shift
-# ;;
-# *)
-# break
-# ;;
-# esac
-#done
-
-
-while getopts p:s:f:a:b:d:j:k:c:w: flag; do
+while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do
case "${flag}" in
- p) client_prefix=${OPTARG} ;;
+ p) client_pref=${OPTARG} ;;
s) client_start=${OPTARG} ;;
f) client_finish=${OPTARG} ;;
- a) client_alias=${OPTARG} ;;
+ a) client_alias_pref=${OPTARG} ;;
+ e) client_self_alias_pref=${OPTARG} ;;
b) bootstrap_alias=${OPTARG} ;;
d) server_alias=${OPTARG} ;;
j) key_store_server_file=${OPTARG} ;;
k) key_store_client_file=${OPTARG} ;;
c) client_key_store_pwd=${OPTARG} ;;
w) server_key_store_pwd=${OPTARG} ;;
+ w) root_key_alias=${OPTARG} ;;
esac
done
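Review bot: The new `l:` option added to the getopts string on line 508 is never dispatched — line 523 repeats the `w)` label instead of `l)`, so `case` takes the first `w)` match, `root_key_alias` is never set, and `-l` is silently ignored. Change it to `l) root_key_alias=${OPTARG} ;;`. The usage example on line 444 hard-codes a developer's home directory (`/home/nick/…`); an invocation relative to the script, e.g. `#./lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 …`, documents the same thing without leaking a local layout.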
@@ -96,9 +54,8 @@ cd $script_dir
# source the properties:
. ./lwM2M_keygen.properties
-
-if [ -n "$client_prefix" ]; then
- CLIENT_PREFIX=$client_prefix
+if [ -n "$client_pref" ]; then
+ CLIENT_PREFIX=$client_pref
fi
if [ -z "$client_start" ]; then
@@ -109,8 +66,12 @@ if [ -z "$client_finish" ]; then
client_finish=1
fi
-if [ -n "$client_alias" ]; then
- CLIENT_ALIAS=$client_alias
+if [ -n "$client_alias_pref" ]; then
+ CLIENT_ALIAS_PREFIX=$client_alias_pref
+fi
+
+if [ -n "$client_self_alias_pref" ]; then
+ CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref
fi
if [ -n "$bootstrap_alias" ]; then
@@ -137,23 +98,37 @@ if [ -n "$server_key_store_pwd" ]; then
SERVER_STORE_PWD=$server_key_store_pwd
fi
+if [ -n "$root_key_alias" ]; then
+ ROOT_KEY_ALIAS=$root_key_alias
+fi
+
+CLIENT_NUMBER=$client_start
+
echo "==Start=="
echo "CLIENT_PREFIX: $CLIENT_PREFIX"
echo "client_start: $client_start"
echo "client_finish: $client_finish"
-echo "CLIENT_ALIAS: $CLIENT_ALIAS"
+echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX"
+echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX"
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS"
echo "SERVER_ALIAS: $SERVER_ALIAS"
echo "SERVER_STORE: $SERVER_STORE"
echo "CLIENT_STORE: $CLIENT_STORE"
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD"
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD"
+echo "CLIENT_NUMBER: $CLIENT_NUMBER"
+echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS"
end_point() {
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
}
+
client_alias_point() {
- echo "$CLIENT_ALIAS$(printf "%08d" $CLIENT_NUMBER)"
+ echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
+}
+
+client_self_alias_point() {
+ echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
}
# Generation of the keystore.
@@ -264,73 +239,30 @@ keytool \
-keystore $SERVER_STORE \
-storepass $SERVER_STORE_PWD
-echo
-echo "${H1}Client Keystore : ${RESET}"
-echo "${H1}==================${RESET}"
-#echo "${H2}Creating client key and self-signed certificate with expected CN...${RESET}"
-#keytool \
-# -genkeypair \
-# -alias $CLIENT_ALIAS \
-# -keyalg EC \
-# -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-# -validity $VALIDITY \
-# -storetype $STORETYPE \
-# -keypass $CLIENT_STORE_PWD \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD
-#keytool \
-# -exportcert \
-# -alias $CLIENT_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD | \
-# keytool \
-# -importcert \
-# -alias $CLIENT_SELF_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD \
-# -noprompt
-
-echo
-echo "${H2}Import root certificate just to be able to import need by root CA with expected CN...${RESET}"
-keytool \
- -exportcert \
- -alias $ROOT_KEY_ALIAS \
- -keystore $SERVER_STORE \
- -storepass $SERVER_STORE_PWD |
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo
+ echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}"
keytool \
- -importcert \
+ -exportcert \
-alias $ROOT_KEY_ALIAS \
- -keystore $CLIENT_STORE \
- -storepass $CLIENT_STORE_PWD \
- -noprompt
-
-#echo
-#echo "${H2}Creating client certificate signed by root CA with expected CN...${RESET}"
-#keytool \
-# -certreq \
-# -alias $CLIENT_ALIAS \
-# -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD | \
-# keytool \
-# -gencert \
-# -alias $ROOT_KEY_ALIAS \
-# -keystore $SERVER_STORE \
-# -storepass $SERVER_STORE_PWD \
-# -storetype $STORETYPE \
-# -validity $VALIDITY | \
-# keytool \
-# -importcert \
-# -alias $CLIENT_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD \
-# -noprompt
+ -keystore $SERVER_STORE \
+ -storepass $SERVER_STORE_PWD |
+ keytool \
+ -importcert \
+ -alias $ROOT_KEY_ALIAS \
+ -keystore $CLIENT_STORE \
+ -storepass $CLIENT_STORE_PWD \
+ -noprompt
+fi
cert_end_point() {
- echo "${H2}Creating client key and self-signed certificate with expected CN $CLIENT_SELF_CN ${RESET}"
+ echo
+ echo "${H1}Client Keystore : ${RESET}"
+ echo "${H1}==================${RESET}"
+ echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}"
keytool \
-genkeypair \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keyalg EC \
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-validity $VALIDITY \
@@ -340,7 +272,7 @@ cert_end_point() {
-storepass $CLIENT_STORE_PWD
keytool \
-exportcert \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD |
keytool \
@@ -349,13 +281,28 @@ cert_end_point() {
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD \
-noprompt
+#
+# echo
+# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}"
+# keytool \
+# -exportcert \
+# -alias $ROOT_KEY_ALIAS \
+# -keystore $SERVER_STORE \
+# -storepass $SERVER_STORE_PWD |
+# keytool \
+# -importcert \
+# -alias $ROOT_KEY_ALIAS \
+# -keystore $CLIENT_STORE \
+# -storepass $CLIENT_STORE_PWD \
+# -noprompt
+#
echo
- echo "${H2}Creating client certificate signed by root CA with expected $CLIENT_CN_NAME ${RESET}"
+ echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}"
keytool \
-certreq \
- -alias $CLIENT_CN_ALIAS \
- -dname "CN=$CLIENT_CN_NAME, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
+ -alias $CLIENT_ALIAS \
+ -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD |
keytool \
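Review bot: The commented-out root-certificate import on lines 689-703 is dead code: the hunk ending at line 675 already performs that import once before the client loop, and leaving a disabled copy inside `cert_end_point` makes it look like a per-client step that was switched off rather than relocated. Delete the block, or reduce it to one line, `# root CA import is done once before the client loop, see above`. `cert_end_point` starts and ends outside this hunk.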
@@ -367,22 +314,30 @@ cert_end_point() {
-validity $VALIDITY |
keytool \
-importcert \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD \
-noprompt
}
-while [ "$CLIENT_NUMBER" != "$client_finish" ]; do
- CLIENT_CN_NAME=$(end_point)
- CLIENT_CN_ALIAS=$(client_alias_point)
- echo "$CLIENT_CN_NAME"
- echo "$CLIENT_CN_ALIAS"
- cert_end_point
- CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
- echo "number $CLIENT_NUMBER"
- echo "finish $client_finish"
-done
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo "Файл содержит, как минимум, одно слово Bash."
+ echo
+ echo "==Start Client=="
+ while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do
+ echo "number $CLIENT_NUMBER"
+ echo "finish $client_finish"
+ CLIENT_CN=$(end_point)
+ CLIENT_ALIAS=$(client_alias_point)
+ CLIENT_SELF_ALIAS=$(client_self_alias_point)
+ echo "CLIENT_CN $CLIENT_CN"
+ echo "CLIENT_ALIAS $CLIENT_ALIAS"
+ echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS"
+ cert_end_point
+ CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
+ echo
+ done
+fi
echo
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
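Review bot: The new `echo "Файл содержит, как минимум, одно слово Bash."` at the top of the client-generation branch ("The file contains at least one word Bash") is a leftover debug line unrelated to key generation and should be removed before merge. The rest of the branch also prints `number`/`finish` on every iteration in addition to the per-client CN and alias lines; for a loop that can run thousands of times (the usage comment elsewhere in this change shows `-f 2000`) one progress line per client, e.g. `echo "client $CLIENT_NUMBER/$client_finish: CN=$CLIENT_CN alias=$CLIENT_ALIAS"`, keeps the output readable.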
@@ -393,11 +348,13 @@ keytool \
-deststoretype pkcs12 \
-srcstorepass $SERVER_STORE_PWD
-echo
-echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-keytool \
- -importkeystore \
- -srckeystore $CLIENT_STORE \
- -destkeystore $CLIENT_STORE \
- -deststoretype pkcs12 \
- -srcstorepass $CLIENT_STORE_PWD
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo
+ echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
+ keytool \
+ -importkeystore \
+ -srckeystore $CLIENT_STORE \
+ -destkeystore $CLIENT_STORE \
+ -deststoretype pkcs12 \
+ -srcstorepass $CLIENT_STORE_PWD
+fi
diff --git a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties
index 18f851e4dd..7b3cd9c09a 100644
--- a/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties
+++ b/common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_keygen.properties
@@ -41,9 +41,9 @@ BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed"
# Client
CLIENT_STORE=clientKeyStore1.jks
CLIENT_STORE_PWD=client_ks_password1
-CLIENT_ALIAS=client_alias_1
-CLIENT_PREFIX=LwX509_
-CLIENT_SELF_ALIAS=client_self_signed
+CLIENT_ALIAS_PREFIX=client_alias_1
+CLIENT_PREFIX=LwX509___
+CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed"
# Color output stuff
diff --git a/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/lwm2m/LwM2MTransportConfigServer.java b/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/lwm2m/LwM2MTransportConfigServer.java
index 9894cb79ea..0d4df60248 100644
--- a/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/lwm2m/LwM2MTransportConfigServer.java
+++ b/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/lwm2m/LwM2MTransportConfigServer.java
@@ -147,8 +147,8 @@ public class LwM2MTransportConfigServer {
private String rootAlias;
@Getter
- @Value("${transport.lwm2m.secure.enable_gen_psk_rpk:}")
- private Boolean enableGenPskRpk;
+ @Value("${transport.lwm2m.secure.enable_gen_new_key_psk_rpk:}")
+ private Boolean enableGenNewKeyPskRpk;
@Getter
@Value("${transport.lwm2m.server.id:}")
diff --git a/transport/lwm2m/src/main/data/credentials/serverKeyStore.jks b/transport/lwm2m/src/main/data/credentials/serverKeyStore.jks
index 5fcb65d351..9f6748f8fd 100644
Binary files a/transport/lwm2m/src/main/data/credentials/serverKeyStore.jks and b/transport/lwm2m/src/main/data/credentials/serverKeyStore.jks differ
diff --git a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh
index 3167cca2b5..dcf38b4f10 100755
--- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh
+++ b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_credentials.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
# Copyright © 2016-2021 The Thingsboard Authors
#
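Review bot: Changing the interpreter from `#!/bin/bash` to `#!/bin/sh` alters how the many `echo "${H0}…${RESET}"` lines in this script render their colour variables: dash's builtin `echo` interprets backslash escapes while bash's does not, so if the `H0`/`H1`/`H2`/`RESET` values sourced from lwM2M_keygen.properties contain `\033[` sequences (the properties file is not visible here) the output will differ between the two shells. A portable form is `printf '%s\n' "${H2}...${RESET}"`. The constructs visible elsewhere in this diff (`getopts`, `$(( ))`, `$( )`, `printf "%08d"`) are POSIX and are fine under `sh`.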
@@ -15,77 +15,35 @@
# limitations under the License.
#
-#p) CLIENT_CN=LwX50900000000
+#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password
+
+#p) CLIENT_CN=$CLIENT_PREFIX00000000
#s) client_start=0
#f) client_finish=1
-#a) CLIENT_ALIAS=client_alias_00000000
+#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000
+#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000
#b) BOOTSTRAP_ALIAS=bootstrap
#d) SERVER_ALIAS=server
#j) SERVER_STORE=serverKeyStore.jks
#k) CLIENT_STORE=clientKeyStore.jks
#c) CLIENT_STORE_PWD=client_ks_password
#w) SERVER_STORE_PWD=server_ks_password
+#l) ROOT_KEY_ALIAS=root_key_alias
-#while test $# -gt 0; do
-# case "$1" in
-# -h|--help)
-# echo "$package - attempt to capture frames"
-# echo " "
-# echo "$package [options] application [arguments]"
-# echo " "
-# echo "options:"
-# echo "-h, --help show brief help"
-# echo "-a, --action=ACTION specify an action to use"
-# echo "-o, --output-dir=DIR specify a directory to store output in"
-# exit 0
-# ;;
-# -a)
-# shift
-# if test $# -gt 0; then
-# export PROCESS=$1
-# else
-# echo "no process specified"
-# exit 1
-# fi
-# shift
-# ;;
-# --action*)
-# export PROCESS=`echo $1 | sed -e 's/^[^=]*=//g'`
-# shift
-# ;;
-# -o)
-# shift
-# if test $# -gt 0; then
-# export OUTPUT=$1
-# else
-# echo "no output dir specified"
-# exit 1
-# fi
-# shift
-# ;;
-# --output-dir*)
-# export OUTPUT=`echo $1 | sed -e 's/^[^=]*=//g'`
-# shift
-# ;;
-# *)
-# break
-# ;;
-# esac
-#done
-
-
-while getopts p:s:f:a:b:d:j:k:c:w: flag; do
+while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do
case "${flag}" in
- p) client_prefix=${OPTARG} ;;
+ p) client_pref=${OPTARG} ;;
s) client_start=${OPTARG} ;;
f) client_finish=${OPTARG} ;;
- a) client_alias=${OPTARG} ;;
+ a) client_alias_pref=${OPTARG} ;;
+ e) client_self_alias_pref=${OPTARG} ;;
b) bootstrap_alias=${OPTARG} ;;
d) server_alias=${OPTARG} ;;
j) key_store_server_file=${OPTARG} ;;
k) key_store_client_file=${OPTARG} ;;
c) client_key_store_pwd=${OPTARG} ;;
w) server_key_store_pwd=${OPTARG} ;;
+ w) root_key_alias=${OPTARG} ;;
esac
done
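Review bot: The new `-l` option is never handled: the `getopts` string gains `l:` but the `case` branch added for it is labelled `w)` a second time, and since `case` takes the first match `-w` still sets `server_key_store_pwd` while `-l VALUE` matches nothing, so `root_key_alias` stays empty and the `ROOT_KEY_ALIAS` override further down is dead. The fix is `l) root_key_alias=${OPTARG} ;;`. It is also worth adding `*) echo "usage: $0 [-p prefix] [-s start] [-f finish] ..." >&2; exit 1 ;;` so an unknown flag aborts instead of continuing with half-parsed arguments, and the example invocation added at the top of the file embeds a developer's absolute home directory, which should be reduced to the script name.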
@@ -96,9 +54,8 @@ cd $script_dir
# source the properties:
. ./lwM2M_keygen.properties
-
-if [ -n "$client_prefix" ]; then
- CLIENT_PREFIX=$client_prefix
+if [ -n "$client_pref" ]; then
+ CLIENT_PREFIX=$client_pref
fi
if [ -z "$client_start" ]; then
@@ -109,8 +66,12 @@ if [ -z "$client_finish" ]; then
client_finish=1
fi
-if [ -n "$client_alias" ]; then
- CLIENT_ALIAS=$client_alias
+if [ -n "$client_alias_pref" ]; then
+ CLIENT_ALIAS_PREFIX=$client_alias_pref
+fi
+
+if [ -n "$client_self_alias_pref" ]; then
+ CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref
fi
if [ -n "$bootstrap_alias" ]; then
@@ -137,23 +98,37 @@ if [ -n "$server_key_store_pwd" ]; then
SERVER_STORE_PWD=$server_key_store_pwd
fi
+if [ -n "$root_key_alias" ]; then
+ ROOT_KEY_ALIAS=$root_key_alias
+fi
+
+CLIENT_NUMBER=$client_start
+
echo "==Start=="
echo "CLIENT_PREFIX: $CLIENT_PREFIX"
echo "client_start: $client_start"
echo "client_finish: $client_finish"
-echo "CLIENT_ALIAS: $CLIENT_ALIAS"
+echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX"
+echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX"
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS"
echo "SERVER_ALIAS: $SERVER_ALIAS"
echo "SERVER_STORE: $SERVER_STORE"
echo "CLIENT_STORE: $CLIENT_STORE"
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD"
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD"
+echo "CLIENT_NUMBER: $CLIENT_NUMBER"
+echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS"
end_point() {
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
}
+
client_alias_point() {
- echo "$CLIENT_ALIAS$(printf "%08d" $CLIENT_NUMBER)"
+ echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
+}
+
+client_self_alias_point() {
+ echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)"
}
# Generation of the keystore.
@@ -264,73 +239,30 @@ keytool \
-keystore $SERVER_STORE \
-storepass $SERVER_STORE_PWD
-echo
-echo "${H1}Client Keystore : ${RESET}"
-echo "${H1}==================${RESET}"
-#echo "${H2}Creating client key and self-signed certificate with expected CN...${RESET}"
-#keytool \
-# -genkeypair \
-# -alias $CLIENT_ALIAS \
-# -keyalg EC \
-# -dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-# -validity $VALIDITY \
-# -storetype $STORETYPE \
-# -keypass $CLIENT_STORE_PWD \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD
-#keytool \
-# -exportcert \
-# -alias $CLIENT_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD | \
-# keytool \
-# -importcert \
-# -alias $CLIENT_SELF_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD \
-# -noprompt
-
-echo
-echo "${H2}Import root certificate just to be able to import need by root CA with expected CN...${RESET}"
-keytool \
- -exportcert \
- -alias $ROOT_KEY_ALIAS \
- -keystore $SERVER_STORE \
- -storepass $SERVER_STORE_PWD |
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo
+ echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}"
keytool \
- -importcert \
+ -exportcert \
-alias $ROOT_KEY_ALIAS \
- -keystore $CLIENT_STORE \
- -storepass $CLIENT_STORE_PWD \
- -noprompt
-
-#echo
-#echo "${H2}Creating client certificate signed by root CA with expected CN...${RESET}"
-#keytool \
-# -certreq \
-# -alias $CLIENT_ALIAS \
-# -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD | \
-# keytool \
-# -gencert \
-# -alias $ROOT_KEY_ALIAS \
-# -keystore $SERVER_STORE \
-# -storepass $SERVER_STORE_PWD \
-# -storetype $STORETYPE \
-# -validity $VALIDITY | \
-# keytool \
-# -importcert \
-# -alias $CLIENT_ALIAS \
-# -keystore $CLIENT_STORE \
-# -storepass $CLIENT_STORE_PWD \
-# -noprompt
+ -keystore $SERVER_STORE \
+ -storepass $SERVER_STORE_PWD |
+ keytool \
+ -importcert \
+ -alias $ROOT_KEY_ALIAS \
+ -keystore $CLIENT_STORE \
+ -storepass $CLIENT_STORE_PWD \
+ -noprompt
+fi
cert_end_point() {
- echo "${H2}Creating client key and self-signed certificate with expected CN $CLIENT_SELF_CN ${RESET}"
+ echo
+ echo "${H1}Client Keystore : ${RESET}"
+ echo "${H1}==================${RESET}"
+ echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}"
keytool \
-genkeypair \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keyalg EC \
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-validity $VALIDITY \
@@ -340,7 +272,7 @@ cert_end_point() {
-storepass $CLIENT_STORE_PWD
keytool \
-exportcert \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD |
keytool \
@@ -349,13 +281,28 @@ cert_end_point() {
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD \
-noprompt
+#
+# echo
+# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}"
+# keytool \
+# -exportcert \
+# -alias $ROOT_KEY_ALIAS \
+# -keystore $SERVER_STORE \
+# -storepass $SERVER_STORE_PWD |
+# keytool \
+# -importcert \
+# -alias $ROOT_KEY_ALIAS \
+# -keystore $CLIENT_STORE \
+# -storepass $CLIENT_STORE_PWD \
+# -noprompt
+#
echo
- echo "${H2}Creating client certificate signed by root CA with expected $CLIENT_CN_NAME ${RESET}"
+ echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}"
keytool \
-certreq \
- -alias $CLIENT_CN_ALIAS \
- -dname "CN=$CLIENT_CN_NAME, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
+ -alias $CLIENT_ALIAS \
+ -dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD |
keytool \
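Review bot: The commented-out root-certificate export/import block added inside `cert_end_point` (between the self-signed import and the "Creating client certificate signed by root CA" echo) is dead code and should be removed rather than committed; the live version of that import now runs once, guarded by `client_start -lt client_finish`, before the function definition. A disabled copy sitting inside the per-client function is easy to re-enable by mistake and would then re-import `$ROOT_KEY_ALIAS` into the client store on every iteration. If the move needs explaining, a single comment such as `# Root CA cert is imported into $CLIENT_STORE once, before the per-client loop.` is enough. `cert_end_point` continues past this hunk.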
@@ -367,22 +314,30 @@ cert_end_point() {
-validity $VALIDITY |
keytool \
-importcert \
- -alias $CLIENT_CN_ALIAS \
+ -alias $CLIENT_ALIAS \
-keystore $CLIENT_STORE \
-storepass $CLIENT_STORE_PWD \
-noprompt
}
-while [ "$CLIENT_NUMBER" != "$client_finish" ]; do
- CLIENT_CN_NAME=$(end_point)
- CLIENT_CN_ALIAS=$(client_alias_point)
- echo "$CLIENT_CN_NAME"
- echo "$CLIENT_CN_ALIAS"
- cert_end_point
- CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
- echo "number $CLIENT_NUMBER"
- echo "finish $client_finish"
-done
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo "Файл содержит, как минимум, одно слово Bash."
+ echo
+ echo "==Start Client=="
+ while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do
+ echo "number $CLIENT_NUMBER"
+ echo "finish $client_finish"
+ CLIENT_CN=$(end_point)
+ CLIENT_ALIAS=$(client_alias_point)
+ CLIENT_SELF_ALIAS=$(client_self_alias_point)
+ echo "CLIENT_CN $CLIENT_CN"
+ echo "CLIENT_ALIAS $CLIENT_ALIAS"
+ echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS"
+ cert_end_point
+ CLIENT_NUMBER=$(($CLIENT_NUMBER + 1))
+ echo
+ done
+fi
echo
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
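Review bot: The added `echo "Файл содержит, как минимум, одно слово Bash."` ("The file contains at least one word Bash") is a stray debug line that has nothing to do with certificate generation and should be dropped. The loop also prints `number`, `finish`, and three variable dumps per client in addition to the two `H2` headings printed by `cert_end_point`; with a `-f 2000` run as shown in the usage comment this is ten lines per client. One line such as `echo "client $CLIENT_NUMBER/$client_finish: CN=$CLIENT_CN alias=$CLIENT_ALIAS"` at the top of the loop body would be sufficient.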
@@ -393,11 +348,13 @@ keytool \
-deststoretype pkcs12 \
-srcstorepass $SERVER_STORE_PWD
-echo
-echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
-keytool \
- -importkeystore \
- -srckeystore $CLIENT_STORE \
- -destkeystore $CLIENT_STORE \
- -deststoretype pkcs12 \
- -srcstorepass $CLIENT_STORE_PWD
+if [ "$client_start" -lt "$client_finish" ]; then
+ echo
+ echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}"
+ keytool \
+ -importkeystore \
+ -srckeystore $CLIENT_STORE \
+ -destkeystore $CLIENT_STORE \
+ -deststoretype pkcs12 \
+ -srcstorepass $CLIENT_STORE_PWD
+fi
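Review bot: The guard `[ "$client_start" -lt "$client_finish" ]` is now written out three times in this file (before the root-cert import, before the client loop, and before this PKCS12 migration), which is easy to let drift if the condition changes. Evaluating it once near `CLIENT_NUMBER=$client_start`, e.g. `GEN_CLIENTS=0; [ "$client_start" -lt "$client_finish" ] && GEN_CLIENTS=1`, and testing `[ "$GEN_CLIENTS" -eq 1 ]` in the three places keeps the intent in one spot. Note also that `client_start`/`client_finish` come straight from `-s`/`-f` and are used in `-lt` and `printf "%08d"` without any check that they are integers; a non-numeric value will make `[` and `printf` error out mid-run rather than before any keystore is touched.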
diff --git a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties
index 18f851e4dd..7b3cd9c09a 100644
--- a/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties
+++ b/transport/lwm2m/src/main/data/credentials/shell/lwM2M_keygen.properties
@@ -41,9 +41,9 @@ BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed"
# Client
CLIENT_STORE=clientKeyStore1.jks
CLIENT_STORE_PWD=client_ks_password1
-CLIENT_ALIAS=client_alias_1
-CLIENT_PREFIX=LwX509_
-CLIENT_SELF_ALIAS=client_self_signed
+CLIENT_ALIAS_PREFIX=client_alias_1
+CLIENT_PREFIX=LwX509___
+CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed"
# Color output stuff
diff --git a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
index ee06cf9a93..1ac5a8a632 100644
--- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
+++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
@@ -53,7 +53,7 @@ transport:
# model_path_file: "${LWM2M_MODEL_PATH_FILE:./common/transport/lwm2m/src/main/resources/models/}"
model_path_file: "${LWM2M_MODEL_PATH_FILE:}"
recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
- recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:false}"
+ recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
request_pool_size: "${LWM2M_REQUEST_POOL_SIZE:100}"
request_error_pool_size: "${LWM2M_REQUEST_ERROR_POOL_SIZE:10}"
registered_pool_size: "${LWM2M_REGISTERED_POOL_SIZE:10}"
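Review bot: Flipping `recommended_supported_groups` to `true` while `recommended_ciphers` stays `false` is a security-relevant default change with no comment explaining what set of DTLS groups is now enforced or why the two "recommended" switches are deliberately set differently. A one-line comment above the pair would help operators, e.g. `# Restrict DTLS to the Scandium/Californium recommended (EC) groups; cipher suites are still unrestricted by default`, adjusted to whatever the transport actually does with the flag, since that behaviour is not visible in this diff. Existing deployments whose devices negotiate a non-recommended group will stop handshaking after upgrading, which is worth calling out in the changelog.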
@@ -69,7 +69,7 @@ transport:
key_store_path_file: "${KEY_STORE_PATH_FILE:}"
key_store_password: "${LWM2M_KEYSTORE_PASSWORD_SERVER:server_ks_password}"
root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"
- enable_gen_psk_rpk: "${ENABLE_GEN_PSK_RPK:true}"
+ enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}"
server:
id: "${LWM2M_SERVER_ID:123}"
bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
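Review bot: `enable_gen_new_key_psk_rpk` is both renamed and flipped from `true` to `false` here without a comment saying what it controls, and the only other reference in this diff is the Java field rename, so an operator reading the YAML cannot tell what they are turning off. If the flag means "generate a fresh PSK/RPK key pair at startup instead of using the `public_x`/`public_y`/`private_s` values below" (that is what the name suggests, not something this diff shows), write that above the key: `# When true, generate a new PSK/RPK key pair at startup; when false, use the static keys configured under server/bootstrap`. Defaulting it to `false` means a fresh install silently runs on whatever static keys ship in this file, so the comment should also point at the environment variables that must be set in production.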
@@ -79,9 +79,12 @@ transport:
bind_port_security: "${LWM2M_BIND_PORT_SECURITY:5686}"
# Only for RPK: Public & Private Key. If the keystore file is missing or not working
# create_rpk: "${CREATE_RPK:}"
- public_x: "${LWM2M_SERVER_PUBLIC_X:405354ea8893471d9296afbc8b020a5c6201b0bb25812a53b849d4480fa5f069}"
- public_y: "${LWM2M_SERVER_PUBLIC_Y:30c9237e946a3a1692c1cafaa01a238a077f632c99371348337512363f28212b}"
- private_s: "${LWM2M_SERVER_PRIVATE_S:274671fe40ce937b8a6352cf0a418e8a39e4bf0bb9bf74c910db953c20c73802}"
+ # - Public Key (Hex): [ 3059301306072a8648ce3d020106082a8648ce3d03010703420004b47a14ea87ab31cce28f24df0ae0a4cfcdb845134bcd088f2fac393b4d4843d140ebc1bfd8f5e0ec402fb8308c5c07bc380783276a385f89ef0da0b1a2545c25 ]
+ # - Private Key (Hex): [ 3041020100301306072a8648ce3d020106082a8648ce3d030107042730250201010420b65b265abfb9e67be12a7699c13123cf081c72c974688fb4faba82be129ef367 ],
+ # - Elliptic Curve parameters: [ secp256r1 [ NIST P-256, X9.62 prime256v1 ] (1.2.840.10045.3.1.7) ]
+ public_x: "${LWM2M_SERVER_PUBLIC_X:b47a14ea87ab31cce28f24df0ae0a4cfcdb845134bcd088f2fac393b4d4843d1}"
+ public_y: "${LWM2M_SERVER_PUBLIC_Y:40ebc1bfd8f5e0ec402fb8308c5c07bc380783276a385f89ef0da0b1a2545c25}"
+ private_s: "${LWM2M_SERVER_PRIVATE_S:b65b265abfb9e67be12a7699c13123cf081c72c974688fb4faba82be129ef367}"
# Only Certificate_x509:
alias: "${LWM2M_KEYSTORE_ALIAS_SERVER:server}"
bootstrap:
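Review bot: The server's RPK private key now appears twice in the committed file: once as the `private_s` default and again, DER-encoded, in the new `# - Private Key (Hex): [...]` comment, and any deployment that does not set `LWM2M_SERVER_PRIVATE_S` will run with a private key that is checked into source control. The comment should carry only the public key and curve, and the private default should be empty so that a missing value is an explicit configuration error rather than a shared secret: `private_s: "${LWM2M_SERVER_PRIVATE_S:}"`. With `enable_gen_new_key_psk_rpk` now defaulting to `false` a few lines above, there is no path by which a default install ends up with a unique key, so at minimum the comment above these lines should say that the values are samples and must be overridden.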
@@ -93,9 +96,9 @@ transport:
bind_address_security: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"
bind_port_security: "${LWM2M_BIND_PORT_SEC_BS:5688}"
# Only for RPK: Public & Private Key. If the keystore file is missing or not working
- public_x: "${LWM2M_SERVER_PUBLIC_X_BS:993ef2b698c6a9c0c1d8be78b13a9383c0854c7c7c7a504d289b403794648183}"
- public_y: "${LWM2M_SERVER_PUBLIC_Y_BS:267412d5fc4e5ceb2257cb7fd7f76ebdac2fa9aa100afb162e990074cc0bfaa2}"
- private_s: "${LWM2M_SERVER_PRIVATE_S_BS:9dbdbb073fc63570693a9aaf1013414e261c571f27e27fc6a8c1c2ad9347875a}"
+ public_x: "${LWM2M_SERVER_PUBLIC_X_BS:f6e4e77f76296472bd72acfb6b2dd26fd858042f9075b44b45e2ebeb41cae387}"
+ public_y: "${LWM2M_SERVER_PUBLIC_Y_BS:3e97534c6b833639f71916041b0596ecd616748d81174d19c59ef02bbb21c822}"
+ private_s: "${LWM2M_SERVER_PRIVATE_S_BS:3e97534c6b833639f71916041b0596ecd616748d81174d19c59ef02bbb21c822}"
# Only Certificate_x509:
alias: "${LWM2M_KEYSTORE_ALIAS_BOOTSTRAP:bootstrap}"
# Redis
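Review bot: The new bootstrap-server RPK defaults are not a key pair: `private_s` is byte-for-byte the same hex string as `public_y` (`3e97534c…bb21c822`), which looks like a copy-paste slip when the three values were updated, so a bootstrap server left on these defaults cannot complete a DTLS handshake in RPK mode (the private scalar does not correspond to the public point). Either paste the correct scalar or, better, leave the private default empty, `private_s: "${LWM2M_SERVER_PRIVATE_S_BS:}"`, so that a missing `LWM2M_SERVER_PRIVATE_S_BS` fails fast instead of running on a committed key. The same "these are sample values, override in production" comment suggested for the server block applies here, and a startup check that the configured scalar actually generates the configured `public_x`/`public_y` would have caught this.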