Commit 38843c839c18c294c8526bfc665e7b5f59333cc8
1 parent
7ca626a0
Merge with the new data structures
Showing
2 changed files
with
14 additions
and
7 deletions
| ... | ... | @@ -30,6 +30,7 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; |
| 30 | 30 | import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; |
| 31 | 31 | import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; |
| 32 | 32 | import org.eclipse.californium.scandium.util.ServerNames; |
| 33 | +import org.eclipse.leshan.core.SecurityMode; | |
| 33 | 34 | import org.springframework.beans.factory.annotation.Value; |
| 34 | 35 | import org.springframework.stereotype.Component; |
| 35 | 36 | import org.springframework.util.StringUtils; |
| ... | ... | @@ -42,6 +43,8 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes |
| 42 | 43 | import org.thingsboard.server.common.transport.util.SslUtil; |
| 43 | 44 | import org.thingsboard.server.gen.transport.TransportProtos; |
| 44 | 45 | import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; |
| 46 | +import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; | |
| 47 | +import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig; | |
| 45 | 48 | import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; |
| 46 | 49 | |
| 47 | 50 | import javax.annotation.PostConstruct; |
| ... | ... | @@ -104,7 +107,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer |
| 104 | 107 | return new CertificateVerificationResult(cid, publicKey, null); |
| 105 | 108 | } else { |
| 106 | 109 | try { |
| 107 | - String credentialsBody = null; | |
| 110 | + boolean x509CredentialsFound = false; | |
| 108 | 111 | CertPath certpath = message.getCertificateChain(); |
| 109 | 112 | X509Certificate[] chain = certpath.getCertificates().toArray(new X509Certificate[0]); |
| 110 | 113 | for (X509Certificate cert : chain) { |
| ... | ... | @@ -136,12 +139,15 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer |
| 136 | 139 | if (latch.await(10, TimeUnit.SECONDS)) { |
| 137 | 140 | ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; |
| 138 | 141 | if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { |
| 139 | - JsonNode credentialsJson = JacksonUtil.toJsonNode(msg.getCredentials()); | |
| 140 | - String certBody = credentialsJson.get("cert").asText(); | |
| 141 | - String endpoint = credentialsJson.get("endpoint").asText(); | |
| 142 | + LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); | |
| 143 | + if(!credentials.getClient().getSecurityConfigClientMode().equals(SecurityMode.X509)){ | |
| 144 | + continue; | |
| 145 | + } | |
| 146 | + X509ClientCredentialsConfig config = (X509ClientCredentialsConfig) credentials.getClient(); | |
| 147 | + String certBody = config.getCert(); | |
| 148 | + String endpoint = config.getEndpoint(); | |
| 142 | 149 | if (strCert.equals(certBody)) { |
| 143 | - //TODO: extract endpoint from credentials body and push to storage | |
| 144 | - credentialsBody = msg.getCredentials(); | |
| 150 | + x509CredentialsFound = true; | |
| 145 | 151 | DeviceProfile deviceProfile = msg.getDeviceProfile(); |
| 146 | 152 | if (msg.hasDeviceInfo() && deviceProfile != null) { |
| 147 | 153 | sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); |
| ... | ... | @@ -159,7 +165,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer |
| 159 | 165 | log.error(e.getMessage(), e); |
| 160 | 166 | } |
| 161 | 167 | } |
| 162 | - if (credentialsBody == null) { | |
| 168 | + if (!x509CredentialsFound) { | |
| 163 | 169 | if (staticCertificateVerifier != null) { |
| 164 | 170 | staticCertificateVerifier.verifyCertificate(message, session); |
| 165 | 171 | } else { | ... | ... |
| ... | ... | @@ -9,6 +9,7 @@ import static org.eclipse.leshan.core.SecurityMode.X509; |
| 9 | 9 | public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig { |
| 10 | 10 | private boolean allowTrustedOnly; |
| 11 | 11 | private String cert; |
| 12 | + private String endpoint; | |
| 12 | 13 | |
| 13 | 14 | @Override |
| 14 | 15 | public SecurityMode getSecurityConfigClientMode() { | ... | ... |