Commit 38843c839c18c294c8526bfc665e7b5f59333cc8
1 parent
7ca626a0
Merge with the new data structures
Showing
2 changed files
with
14 additions
and
7 deletions
@@ -30,6 +30,7 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; | @@ -30,6 +30,7 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler; | ||
30 | import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; | 30 | import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; |
31 | import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; | 31 | import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; |
32 | import org.eclipse.californium.scandium.util.ServerNames; | 32 | import org.eclipse.californium.scandium.util.ServerNames; |
33 | +import org.eclipse.leshan.core.SecurityMode; | ||
33 | import org.springframework.beans.factory.annotation.Value; | 34 | import org.springframework.beans.factory.annotation.Value; |
34 | import org.springframework.stereotype.Component; | 35 | import org.springframework.stereotype.Component; |
35 | import org.springframework.util.StringUtils; | 36 | import org.springframework.util.StringUtils; |
@@ -42,6 +43,8 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes | @@ -42,6 +43,8 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes | ||
42 | import org.thingsboard.server.common.transport.util.SslUtil; | 43 | import org.thingsboard.server.common.transport.util.SslUtil; |
43 | import org.thingsboard.server.gen.transport.TransportProtos; | 44 | import org.thingsboard.server.gen.transport.TransportProtos; |
44 | import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; | 45 | import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; |
46 | +import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; | ||
47 | +import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig; | ||
45 | import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; | 48 | import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; |
46 | 49 | ||
47 | import javax.annotation.PostConstruct; | 50 | import javax.annotation.PostConstruct; |
@@ -104,7 +107,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | @@ -104,7 +107,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | ||
104 | return new CertificateVerificationResult(cid, publicKey, null); | 107 | return new CertificateVerificationResult(cid, publicKey, null); |
105 | } else { | 108 | } else { |
106 | try { | 109 | try { |
107 | - String credentialsBody = null; | 110 | + boolean x509CredentialsFound = false; |
108 | CertPath certpath = message.getCertificateChain(); | 111 | CertPath certpath = message.getCertificateChain(); |
109 | X509Certificate[] chain = certpath.getCertificates().toArray(new X509Certificate[0]); | 112 | X509Certificate[] chain = certpath.getCertificates().toArray(new X509Certificate[0]); |
110 | for (X509Certificate cert : chain) { | 113 | for (X509Certificate cert : chain) { |
@@ -136,12 +139,15 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | @@ -136,12 +139,15 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | ||
136 | if (latch.await(10, TimeUnit.SECONDS)) { | 139 | if (latch.await(10, TimeUnit.SECONDS)) { |
137 | ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; | 140 | ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; |
138 | if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { | 141 | if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { |
139 | - JsonNode credentialsJson = JacksonUtil.toJsonNode(msg.getCredentials()); | ||
140 | - String certBody = credentialsJson.get("cert").asText(); | ||
141 | - String endpoint = credentialsJson.get("endpoint").asText(); | 142 | + LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); |
143 | + if(!credentials.getClient().getSecurityConfigClientMode().equals(SecurityMode.X509)){ | ||
144 | + continue; | ||
145 | + } | ||
146 | + X509ClientCredentialsConfig config = (X509ClientCredentialsConfig) credentials.getClient(); | ||
147 | + String certBody = config.getCert(); | ||
148 | + String endpoint = config.getEndpoint(); | ||
142 | if (strCert.equals(certBody)) { | 149 | if (strCert.equals(certBody)) { |
143 | - //TODO: extract endpoint from credentials body and push to storage | ||
144 | - credentialsBody = msg.getCredentials(); | 150 | + x509CredentialsFound = true; |
145 | DeviceProfile deviceProfile = msg.getDeviceProfile(); | 151 | DeviceProfile deviceProfile = msg.getDeviceProfile(); |
146 | if (msg.hasDeviceInfo() && deviceProfile != null) { | 152 | if (msg.hasDeviceInfo() && deviceProfile != null) { |
147 | sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); | 153 | sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); |
@@ -159,7 +165,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | @@ -159,7 +165,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer | ||
159 | log.error(e.getMessage(), e); | 165 | log.error(e.getMessage(), e); |
160 | } | 166 | } |
161 | } | 167 | } |
162 | - if (credentialsBody == null) { | 168 | + if (!x509CredentialsFound) { |
163 | if (staticCertificateVerifier != null) { | 169 | if (staticCertificateVerifier != null) { |
164 | staticCertificateVerifier.verifyCertificate(message, session); | 170 | staticCertificateVerifier.verifyCertificate(message, session); |
165 | } else { | 171 | } else { |
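Review bot: The cast to `X509ClientCredentialsConfig` in the `@@ -136,12 +139,15 @@` hunk assumes that `getSecurityConfigClientMode()` and the concrete class always agree, and neither `credentials` nor `credentials.getClient()` is checked for null, so a malformed or partial credentials record raises an exception inside the certificate verifier instead of being skipped cleanly. Testing the type directly covers both cases: `if (credentials == null || !(credentials.getClient() instanceof X509ClientCredentialsConfig)) { continue; }`. `config.getEndpoint()` is then passed unchecked as the key to `sessionStorage.put`; the removed `credentialsJson.get("endpoint").asText()` would have thrown on a missing key, whereas the new getter presumably returns null, so an explicit empty-endpoint check before the `put` is worth adding. The enclosing `for` loop and the `catch` that receives these exceptions start and end outside this hunk, so how a failure here interacts with the `staticCertificateVerifier` fallback should be confirmed against the full method.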
@@ -9,6 +9,7 @@ import static org.eclipse.leshan.core.SecurityMode.X509; | @@ -9,6 +9,7 @@ import static org.eclipse.leshan.core.SecurityMode.X509; | ||
9 | public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig { | 9 | public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig { |
10 | private boolean allowTrustedOnly; | 10 | private boolean allowTrustedOnly; |
11 | private String cert; | 11 | private String cert; |
12 | + private String endpoint; | ||
12 | 13 | ||
13 | @Override | 14 | @Override |
14 | public SecurityMode getSecurityConfigClientMode() { | 15 | public SecurityMode getSecurityConfigClientMode() { |