refactored LwM2M client credentials for the new UI

@@ -151,7 +151,7 @@ public class AbstractLwM2MIntegrationTest extends AbstractWebsocketTest {
                     parameterSpec);
             KeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger(privateS), parameterSpec);
 
-//            // Get keys
+            // Get keys
             serverPublicKey = KeyFactory.getInstance("EC").generatePublic(publicKeySpec);
             serverPrivateKey = KeyFactory.getInstance("EC").generatePrivate(privateKeySpec);
 

@@ -36,7 +36,7 @@ import org.thingsboard.server.service.telemetry.cmd.v2.EntityDataUpdate;
 import org.thingsboard.server.service.telemetry.cmd.v2.LatestValueCmd;
 import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient;
 import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.NoSecClientCredentialsConfig;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.NoSecClientCredentials;
 
 import java.util.Collections;
 import java.util.List;
@@ -112,10 +112,10 @@ public class NoSecLwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
         Assert.assertEquals(device.getId(), deviceCredentials.getDeviceId());
         deviceCredentials.setCredentialsType(DeviceCredentialsType.LWM2M_CREDENTIALS);
 
-        deviceCredentials.setCredentialsId(deviceAEndpoint);
-
         LwM2MCredentials noSecCredentials = new LwM2MCredentials();
-        noSecCredentials.setClient(new NoSecClientCredentialsConfig());
+        NoSecClientCredentials clientCredentials = new NoSecClientCredentials();
+        clientCredentials.setEndpoint(deviceAEndpoint);
+        noSecCredentials.setClient(clientCredentials);
         deviceCredentials.setCredentialsValue(JacksonUtil.toString(noSecCredentials));
         doPost("/api/device/credentials", deviceCredentials).andExpect(status().isOk());
         return device;

@@ -22,6 +22,7 @@ import org.junit.Assert;
 import org.junit.Test;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.Device;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials;
 import org.thingsboard.server.common.data.query.EntityData;
 import org.thingsboard.server.common.data.query.EntityDataPageLink;
 import org.thingsboard.server.common.data.query.EntityDataQuery;
@@ -37,7 +38,6 @@ import org.thingsboard.server.service.telemetry.cmd.v2.EntityDataUpdate;
 import org.thingsboard.server.service.telemetry.cmd.v2.LatestValueCmd;
 import org.thingsboard.server.transport.lwm2m.client.LwM2MTestClient;
 import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig;
 
 import java.util.Collections;
 import java.util.List;
@@ -101,7 +101,7 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
     private final String serverUri = "coaps://localhost:" + port;
 
     @NotNull
-    private Device createDevice(String credentialsId, X509ClientCredentialsConfig credentialsConfig) throws Exception {
+    private Device createDevice(X509ClientCredentials clientCredentials) throws Exception {
         Device device = new Device();
         device.setName("Device A");
         device.setDeviceProfileId(deviceProfile.getId());
@@ -114,13 +114,11 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
         Assert.assertEquals(device.getId(), deviceCredentials.getDeviceId());
         deviceCredentials.setCredentialsType(DeviceCredentialsType.LWM2M_CREDENTIALS);
 
-        deviceCredentials.setCredentialsId(credentialsId);
+        LwM2MCredentials credentials = new LwM2MCredentials();
 
-        LwM2MCredentials X509Credentials = new LwM2MCredentials();
+        credentials.setClient(clientCredentials);
 
-        X509Credentials.setClient(credentialsConfig);
-
-        deviceCredentials.setCredentialsValue(JacksonUtil.toString(X509Credentials));
+        deviceCredentials.setCredentialsValue(JacksonUtil.toString(credentials));
         doPost("/api/device/credentials", deviceCredentials).andExpect(status().isOk());
         return device;
     }
@@ -128,8 +126,9 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
     @Test
     public void testConnectAndObserveTelemetry() throws Exception {
         createDeviceProfile(TRANSPORT_CONFIGURATION);
-
-        Device device = createDevice(endpoint, new X509ClientCredentialsConfig(null, null));
+        X509ClientCredentials credentials = new X509ClientCredentials();
+        credentials.setEndpoint(endpoint);
+        Device device = createDevice(credentials);
 
         SingleEntityFilter sef = new SingleEntityFilter();
         sef.setSingleEntity(device.getId());
@@ -166,7 +165,10 @@ public class X509LwM2MIntegrationTest extends AbstractLwM2MIntegrationTest {
     @Test
     public void testConnectWithCertAndObserveTelemetry() throws Exception {
         createDeviceProfile(TRANSPORT_CONFIGURATION);
-        Device device = createDevice(null, new X509ClientCredentialsConfig(SslUtil.getCertificateString(clientX509CertNotTrusted), endpoint));
+        X509ClientCredentials credentials = new X509ClientCredentials();
+        credentials.setEndpoint(endpoint);
+        credentials.setCert(SslUtil.getCertificateString(clientX509CertNotTrusted));
+        Device device = createDevice(credentials);
 
         SingleEntityFilter sef = new SingleEntityFilter();
         sef.setSingleEntity(device.getId());

@@ -13,24 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
-import lombok.AllArgsConstructor;
-import lombok.Data;
+import lombok.Getter;
 import lombok.NoArgsConstructor;
-import org.eclipse.leshan.core.SecurityMode;
+import lombok.Setter;
 
-import static org.eclipse.leshan.core.SecurityMode.X509;
-
-@Data
+@Getter
+@Setter
 @NoArgsConstructor
-@AllArgsConstructor
-public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig {
-    private String cert;
+public abstract class AbstractLwM2MClientCredentials implements LwM2MClientCredentials {
     private String endpoint;
-
-    @Override
-    public SecurityMode getSecurityConfigClientMode() {
-        return X509;
-    }
 }

@@ -13,13 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
-import org.eclipse.leshan.core.util.Hex;
+import lombok.SneakyThrows;
+import org.apache.commons.codec.binary.Hex;
 
-public class HasKey {
+public abstract class HasKey extends AbstractLwM2MClientCredentials {
     private byte[] key;
 
+    @SneakyThrows
     public void setKey(String key) {
         if (key != null) {
             this.key = Hex.decodeHex(key.toLowerCase().toCharArray());

@@ -13,25 +13,24 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.eclipse.leshan.core.SecurityMode;
 
-@JsonIgnoreProperties(ignoreUnknown = true)
 @JsonTypeInfo(
         use = JsonTypeInfo.Id.NAME,
         property = "securityConfigClientMode")
 @JsonSubTypes({
-        @JsonSubTypes.Type(value = NoSecClientCredentialsConfig.class, name = "NO_SEC"),
-        @JsonSubTypes.Type(value = PSKClientCredentialsConfig.class, name = "PSK"),
-        @JsonSubTypes.Type(value = RPKClientCredentialsConfig.class, name = "RPK"),
-        @JsonSubTypes.Type(value = X509ClientCredentialsConfig.class, name = "X509")})
-public interface LwM2MClientCredentialsConfig {
+        @JsonSubTypes.Type(value = NoSecClientCredentials.class, name = "NO_SEC"),
+        @JsonSubTypes.Type(value = PSKClientCredentials.class, name = "PSK"),
+        @JsonSubTypes.Type(value = RPKClientCredentials.class, name = "RPK"),
+        @JsonSubTypes.Type(value = X509ClientCredentials.class, name = "X509")})
+public interface LwM2MClientCredentials {
 
     @JsonIgnore
-    SecurityMode getSecurityConfigClientMode();
+    LwM2MSecurityMode getSecurityConfigClientMode();
+
+    String getEndpoint();
 }

+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
+
+public enum LwM2MSecurityMode {
+    PSK, RPK, X509, NO_SEC;
+}

@@ -13,16 +13,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
-import org.eclipse.leshan.core.SecurityMode;
-
-import static org.eclipse.leshan.core.SecurityMode.NO_SEC;
-
-public class NoSecClientCredentialsConfig implements LwM2MClientCredentialsConfig {
+public class NoSecClientCredentials extends AbstractLwM2MClientCredentials {
 
     @Override
-    public SecurityMode getSecurityConfigClientMode() {
-        return NO_SEC;
+    public LwM2MSecurityMode getSecurityConfigClientMode() {
+        return LwM2MSecurityMode.NO_SEC;
     }
 }

@@ -13,20 +13,18 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
-import lombok.Data;
-import org.eclipse.leshan.core.SecurityMode;
+import lombok.Getter;
+import lombok.Setter;
 
-import static org.eclipse.leshan.core.SecurityMode.PSK;
-
-@Data
-public class PSKClientCredentialsConfig extends HasKey implements LwM2MClientCredentialsConfig {
+@Getter
+@Setter
+public class PSKClientCredentials extends HasKey {
     private String identity;
-    private String endpoint;
 
     @Override
-    public SecurityMode getSecurityConfigClientMode() {
-        return PSK;
+    public LwM2MSecurityMode getSecurityConfigClientMode() {
+        return LwM2MSecurityMode.PSK;
     }
 }

@@ -13,16 +13,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.thingsboard.server.transport.lwm2m.secure.credentials;
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
 
-import org.eclipse.leshan.core.SecurityMode;
-
-import static org.eclipse.leshan.core.SecurityMode.RPK;
-
-public class RPKClientCredentialsConfig extends HasKey implements LwM2MClientCredentialsConfig {
+public class RPKClientCredentials extends HasKey {
 
     @Override
-    public SecurityMode getSecurityConfigClientMode() {
-        return RPK;
+    public LwM2MSecurityMode getSecurityConfigClientMode() {
+        return LwM2MSecurityMode.RPK;
     }
 }

+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.data.device.credentials.lwm2m;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class X509ClientCredentials extends AbstractLwM2MClientCredentials {
+    private String cert;
+
+    @Override
+    public LwM2MSecurityMode getSecurityConfigClientMode() {
+        return LwM2MSecurityMode.X509;
+    }
+}

@@ -17,21 +17,21 @@ package org.thingsboard.server.transport.lwm2m.secure;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.leshan.core.SecurityMode;
 import org.eclipse.leshan.core.util.SecurityUtil;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.springframework.stereotype.Component;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.StringUtils;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode;
 import org.thingsboard.server.common.transport.TransportServiceCallback;
 import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse;
 import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg;
 import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentialsConfig;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials;
 import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.PSKClientCredentialsConfig;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.RPKClientCredentialsConfig;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredentials;
 import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
 import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportUtil;
 
@@ -97,8 +97,8 @@ public class LwM2mCredentialsSecurityInfoValidator {
         if (credentials != null) {
             if (keyValue.equals(LwM2mTransportUtil.LwM2mTypeServer.BOOTSTRAP)) {
                 result.setBootstrapCredentialConfig(credentials.getBootstrap());
-                if (SecurityMode.PSK.equals(credentials.getClient().getSecurityConfigClientMode())) {
-                    PSKClientCredentialsConfig pskClientConfig = (PSKClientCredentialsConfig) credentials.getClient();
+                if (LwM2MSecurityMode.PSK.equals(credentials.getClient().getSecurityConfigClientMode())) {
+                    PSKClientCredentials pskClientConfig = (PSKClientCredentials) credentials.getClient();
                     endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint;
                 }
                 result.setEndpoint(endpoint);
@@ -130,8 +130,8 @@ public class LwM2mCredentialsSecurityInfoValidator {
         result.setSecurityMode(NO_SEC);
     }
 
-    private void createClientSecurityInfoPSK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) {
-        PSKClientCredentialsConfig pskConfig = (PSKClientCredentialsConfig) clientCredentialsConfig;
+    private void createClientSecurityInfoPSK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) {
+        PSKClientCredentials pskConfig = (PSKClientCredentials) clientCredentialsConfig;
         if (StringUtils.isNotEmpty(pskConfig.getIdentity())) {
             try {
                 if (pskConfig.getKey() != null && pskConfig.getKey().length > 0) {
@@ -149,8 +149,8 @@ public class LwM2mCredentialsSecurityInfoValidator {
         }
     }
 
-    private void createClientSecurityInfoRPK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) {
-        RPKClientCredentialsConfig rpkConfig = (RPKClientCredentialsConfig) clientCredentialsConfig;
+    private void createClientSecurityInfoRPK(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) {
+        RPKClientCredentials rpkConfig = (RPKClientCredentials) clientCredentialsConfig;
         try {
             if (rpkConfig.getKey() != null) {
                 PublicKey key = SecurityUtil.publicKey.decode(rpkConfig.getKey());
@@ -164,7 +164,7 @@ public class LwM2mCredentialsSecurityInfoValidator {
         }
     }
 
-    private void createClientSecurityInfoX509(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentialsConfig clientCredentialsConfig) {
+    private void createClientSecurityInfoX509(EndpointSecurityInfo result, String endpoint, LwM2MClientCredentials clientCredentialsConfig) {
         result.setSecurityInfo(SecurityInfo.newX509CertInfo(endpoint));
         result.setSecurityMode(X509);
     }

@@ -15,7 +15,6 @@
  */
 package org.thingsboard.server.transport.lwm2m.secure;
 
-import com.fasterxml.jackson.databind.JsonNode;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.californium.elements.util.CertPathUtil;
@@ -30,12 +29,12 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler;
 import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
 import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier;
 import org.eclipse.californium.scandium.util.ServerNames;
-import org.eclipse.leshan.core.SecurityMode;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.DeviceProfile;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode;
 import org.thingsboard.server.common.msg.EncryptionUtil;
 import org.thingsboard.server.common.transport.TransportService;
 import org.thingsboard.server.common.transport.TransportServiceCallback;
@@ -44,7 +43,7 @@ import org.thingsboard.server.common.transport.util.SslUtil;
 import org.thingsboard.server.gen.transport.TransportProtos;
 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
 import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
-import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials;
 import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
 
 import javax.annotation.PostConstruct;
@@ -140,10 +139,10 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
                             ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0];
                             if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) {
                                 LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class);
-                                if(!credentials.getClient().getSecurityConfigClientMode().equals(SecurityMode.X509)){
+                                if(!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)){
                                     continue;
                                 }
-                                X509ClientCredentialsConfig config = (X509ClientCredentialsConfig) credentials.getClient();
+                                X509ClientCredentials config = (X509ClientCredentials) credentials.getClient();
                                 String certBody = config.getCert();
                                 String endpoint = config.getEndpoint();
                                 if (strCert.equals(certBody)) {

@@ -16,10 +16,11 @@
 package org.thingsboard.server.transport.lwm2m.secure.credentials;
 
 import lombok.Data;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials;
 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
 
 @Data
 public class LwM2MCredentials {
-    private LwM2MClientCredentialsConfig client;
+    private LwM2MClientCredentials client;
     private LwM2MBootstrapConfig bootstrap;
 }

@@ -16,7 +16,6 @@
 package org.thingsboard.server.dao.device;
 
 
-import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.extern.slf4j.Slf4j;
 import org.hibernate.exception.ConstraintViolationException;
@@ -28,6 +27,9 @@ import org.springframework.util.StringUtils;
 import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.Device;
 import org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredentials;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredentials;
+import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredentials;
 import org.thingsboard.server.common.data.id.DeviceId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
@@ -133,7 +135,6 @@ public class DeviceCredentialsServiceImpl extends AbstractEntityService implemen
         deviceCredentials.setCredentialsValue(JacksonUtil.toString(mqttCredentials));
     }
 
-
     private void formatCertData(DeviceCredentials deviceCredentials) {
         String cert = EncryptionUtil.trimNewLines(deviceCredentials.getCredentialsValue());
         String sha3Hash = EncryptionUtil.getSha3Hash(cert);
@@ -142,18 +143,48 @@ public class DeviceCredentialsServiceImpl extends AbstractEntityService implemen
     }
 
     private void formatSimpleLwm2mCredentials(DeviceCredentials deviceCredentials) {
-        ObjectNode json = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), ObjectNode.class);
-        JsonNode client = json.get("client");
-        if (client != null && client.get("securityConfigClientMode").asText().equals("X509") && client.has("cert")) {
-            JsonNode certJson = client.get("cert");
-            if (!certJson.isNull()) {
-                String cert = EncryptionUtil.trimNewLines(certJson.asText());
-                String sha3Hash = EncryptionUtil.getSha3Hash(cert);
-                deviceCredentials.setCredentialsId(sha3Hash);
-                ((ObjectNode) client).put("cert", cert);
-                deviceCredentials.setCredentialsValue(JacksonUtil.toString(json));
+        LwM2MClientCredentials clientCredentials;
+        ObjectNode json;
+        try {
+            json = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), ObjectNode.class);
+            if (json == null) {
+                throw new IllegalArgumentException();
             }
+            clientCredentials = JacksonUtil.convertValue(json.get("client"), LwM2MClientCredentials.class);
+            if (clientCredentials == null) {
+                throw new IllegalArgumentException();
+            }
+        } catch (IllegalArgumentException e) {
+            throw new DataValidationException("Invalid credentials body for LwM2M credentials!");
+        }
+
+        String credentialsId;
+
+        switch (clientCredentials.getSecurityConfigClientMode()) {
+            case NO_SEC:
+            case RPK:
+                credentialsId = clientCredentials.getEndpoint();
+                break;
+            case PSK:
+                credentialsId = ((PSKClientCredentials) clientCredentials).getIdentity();
+                break;
+            case X509:
+                X509ClientCredentials x509Config = (X509ClientCredentials) clientCredentials;
+                if (x509Config.getCert() != null) {
+                    String cert = EncryptionUtil.trimNewLines(x509Config.getCert());
+                    String sha3Hash = EncryptionUtil.getSha3Hash(cert);
+                    x509Config.setCert(cert);
+                    ((ObjectNode) json.get("client")).put("cert", cert);
+                    deviceCredentials.setCredentialsValue(JacksonUtil.toString(json));
+                    credentialsId = sha3Hash;
+                } else {
+                    credentialsId = x509Config.getEndpoint();
+                }
+                break;
+            default:
+                throw new DataValidationException("Invalid credentials body for LwM2M credentials!");
         }
+        deviceCredentials.setCredentialsId(credentialsId);
     }
 
     @Override