From d0928e4d815038e7094c63deb90d7c11fb3cef2e Mon Sep 17 00:00:00 2001
From: nickAS21 <nick@avalr.com.ua>
Date: Thu, 18 Feb 2021 15:51:43 +0200
Subject: [PATCH] Lwm2m: back: DTLS - 5.2.9.1. Pre-Shared Keys, 5.2.9.2. Raw
 Public Keys

---
 ...TransportBootstrapServerConfiguration.java | 28 +++++++------------
 .../LwM2MTransportServerConfiguration.java    | 27 ++++++------------
 2 files changed, 18 insertions(+), 37 deletions(-)

diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
index 4d48d47426..68fdc94dac 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapServerConfiguration.java
@@ -53,15 +53,9 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
 
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CCM_8;
 import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandler.getCoapConfig;
 
 @Slf4j
@@ -117,18 +111,16 @@ public class LwM2MTransportBootstrapServerConfiguration {
         dtlsConfig.setRecommendedSupportedGroupsOnly(this.contextS.getCtxServer().isRecommendedSupportedGroups());
         dtlsConfig.setRecommendedCipherSuitesOnly(this.contextS.getCtxServer().isRecommendedCiphers());
         if (this.pskMode) {
-            dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256);
-        } else {
-            dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+            dtlsConfig.setSupportedCipherSuites(
+                    TLS_PSK_WITH_AES_128_CCM_8,
+                    TLS_PSK_WITH_AES_128_CBC_SHA256);
+        }
+        else {
+            dtlsConfig.setSupportedCipherSuites(
+                    TLS_PSK_WITH_AES_128_CCM_8,
+                    TLS_PSK_WITH_AES_128_CBC_SHA256,
                     TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
         }
 
         /** Set DTLS Config */
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
index 6e91918a6c..5981a05e06 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/server/LwM2MTransportServerConfiguration.java
@@ -54,15 +54,9 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
 
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
-import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
 import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;
+import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CCM_8;
 import static org.thingsboard.server.transport.lwm2m.server.LwM2MTransportHandler.getCoapConfig;
 
 @Slf4j
@@ -112,21 +106,16 @@ public class LwM2MTransportServerConfiguration {
         dtlsConfig.setRecommendedSupportedGroupsOnly(this.context.getCtxServer().isRecommendedSupportedGroups());
         dtlsConfig.setRecommendedCipherSuitesOnly(this.context.getCtxServer().isRecommendedCiphers());
         if (this.pskMode) {
-            dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256);
+            dtlsConfig.setSupportedCipherSuites(
+                    TLS_PSK_WITH_AES_128_CCM_8,
+                    TLS_PSK_WITH_AES_128_CBC_SHA256);
         }
         else {
-//            dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
-//                    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
-            dtlsConfig.setSupportedCipherSuites(TLS_PSK_WITH_AES_128_CBC_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+            dtlsConfig.setSupportedCipherSuites(
+                    TLS_PSK_WITH_AES_128_CCM_8,
+                    TLS_PSK_WITH_AES_128_CBC_SHA256,
                     TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-                    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
         }