简柏林 / thingskit · Commits

Commit 690c97dd4d66e88af88b9946387f25bc2b91e282

Authored by Andrii Shvaika
1 parent ee55c0bf

Renaming of the lwm2m configuration properties

Inline Side-by-side
Showing 8 changed files with 43 additions and 189 deletions
@@ -647,42 +647,40 @@ transport: @@ -647,42 +647,40 @@ transport:
647 bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}" 647 bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
648 bind_port: "${LWM2M_BIND_PORT:5685}" 648 bind_port: "${LWM2M_BIND_PORT:5685}"
649 security: 649 security:
650 - bind_address: "${LWM2M_BIND_ADDRESS_SECURITY:0.0.0.0}"  
651 - bind_port: "${LWM2M_BIND_PORT_SECURITY:5686}" 650 + bind_address: "${LWM2M_SECURITY_BIND_ADDRESS:0.0.0.0}"
  651 + bind_port: "${LWM2M_SECURITY_BIND_PORT:5686}"
652 # Only Certificate_x509: 652 # Only Certificate_x509:
653 - alias: "${LWM2M_KEYSTORE_SERVER_ALIAS:server}"  
654 - password: "${LWM2M_KEYSTORE_SERVER_PASSWORD:server_ks_password}" 653 + key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
  654 + key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
655 skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" 655 skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
656 bootstrap: 656 bootstrap:
657 enable: "${LWM2M_ENABLED_BS:true}" 657 enable: "${LWM2M_ENABLED_BS:true}"
658 id: "${LWM2M_SERVER_ID_BS:111}" 658 id: "${LWM2M_SERVER_ID_BS:111}"
659 - bind_address: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"  
660 - bind_port: "${LWM2M_BIND_PORT_BS:5687}" 659 + bind_address: "${LWM2M_BS_BIND_ADDRESS:0.0.0.0}"
  660 + bind_port: "${LWM2M_BS_BIND_PORT:5687}"
661 security: 661 security:
662 - bind_address: "${LWM2M_BIND_ADDRESS_SECURITY_BS:0.0.0.0}"  
663 - bind_port: "${LWM2M_BIND_PORT_SECURITY_BS:5688}" 662 + bind_address: "${LWM2M_BS_SECURITY_BIND_ADDRESS:0.0.0.0}"
  663 + bind_port: "${LWM2M_BS_SECURITY_BIND_PORT:5688}"
664 # Only Certificate_x509: 664 # Only Certificate_x509:
665 - alias: "${LWM2M_KEYSTORE_BS_ALIAS:bootstrap}"  
666 - password: "${LWM2M_KEYSTORE_BS_PASSWORD:server_ks_password}" 665 + key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
  666 + key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
667 security: 667 security:
668 # Certificate_x509: 668 # Certificate_x509:
669 # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format 669 # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format
670 # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh 670 # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
671 key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}" 671 key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}"
672 # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks" 672 # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks"
673 - key_store: "${LWM2M_KEY_STORE:lwm2mserver.jks}"  
674 - key_store_password: "${LWM2M_KEY_STORE_PASSWORD:server_ks_password}"  
675 - root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"  
676 - enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}" 673 + key_store: "${LWM2M_KEYSTORE:lwm2mserver.jks}"
  674 + key_store_password: "${LWM2M_KEYSTORE_PASSWORD:server_ks_password}"
  675 + root_alias: "${LWM2M_SERVER_ROOT_CA_ALIAS:rootca}"
  676 + recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
  677 + recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
677 timeout: "${LWM2M_TIMEOUT:120000}" 678 timeout: "${LWM2M_TIMEOUT:120000}"
678 - recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"  
679 - recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"  
680 uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}" 679 uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}"
681 downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}" 680 downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}"
682 ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}" 681 ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}"
683 - registration_store_pool_size: "${LWM2M_REGISTRATION_STORE_POOL_SIZE:100}"  
684 clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}" 682 clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}"
685 - log_max_length: "${LWM2M_LOG_MAX_LENGTH:100}" 683 + log_max_length: "${LWM2M_LOG_MAX_LENGTH:1024}"
686 # Use redis for Security and Registration stores 684 # Use redis for Security and Registration stores
687 redis.enabled: "${LWM2M_REDIS_ENABLED:false}" 685 redis.enabled: "${LWM2M_REDIS_ENABLED:false}"
688 snmp: 686 snmp:
1 transport.lwm2m.security.key_store=lwm2m/credentials/serverKeyStore.jks 1 transport.lwm2m.security.key_store=lwm2m/credentials/serverKeyStore.jks
2 transport.lwm2m.security.key_store_password=server 2 transport.lwm2m.security.key_store_password=server
3 edges.enabled=true 3 edges.enabled=true
4 -transport.lwm2m.server.security.alias=server  
5 -transport.lwm2m.server.security.password=server  
6 -transport.lwm2m.bootstrap.security.alias=server  
7 -transport.lwm2m.bootstrap.security.password=server  
  4 +transport.lwm2m.server.security.key_alias=server
  5 +transport.lwm2m.server.security.key_password=server
  6 +transport.lwm2m.bootstrap.security.key_alias=server
  7 +transport.lwm2m.bootstrap.security.key_password=server
@@ -18,48 +18,26 @@ package org.thingsboard.server.transport.lwm2m.bootstrap; @@ -18,48 +18,26 @@ package org.thingsboard.server.transport.lwm2m.bootstrap;
18 import lombok.RequiredArgsConstructor; 18 import lombok.RequiredArgsConstructor;
19 import lombok.extern.slf4j.Slf4j; 19 import lombok.extern.slf4j.Slf4j;
20 import org.eclipse.californium.scandium.config.DtlsConnectorConfig; 20 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
21 -import org.eclipse.leshan.core.util.Hex;  
22 import org.eclipse.leshan.server.bootstrap.BootstrapSessionManager; 21 import org.eclipse.leshan.server.bootstrap.BootstrapSessionManager;
23 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServer; 22 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServer;
24 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServerBuilder; 23 import org.eclipse.leshan.server.californium.bootstrap.LeshanBootstrapServerBuilder;
25 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression; 24 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
26 import org.springframework.stereotype.Component; 25 import org.springframework.stereotype.Component;
27 -import org.thingsboard.server.common.data.StringUtils;  
28 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapSecurityStore; 26 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapSecurityStore;
29 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MInMemoryBootstrapConfigStore; 27 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MInMemoryBootstrapConfigStore;
30 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2mDefaultBootstrapSessionManager; 28 import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2mDefaultBootstrapSessionManager;
31 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportBootstrapConfig; 29 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportBootstrapConfig;
32 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; 30 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
33 -import org.thingsboard.server.transport.lwm2m.secure.LWM2MGenerationPSkRPkECC;  
34 import org.thingsboard.server.transport.lwm2m.server.DefaultLwM2mTransportService; 31 import org.thingsboard.server.transport.lwm2m.server.DefaultLwM2mTransportService;
35 32
36 import javax.annotation.PostConstruct; 33 import javax.annotation.PostConstruct;
37 import javax.annotation.PreDestroy; 34 import javax.annotation.PreDestroy;
38 -import java.math.BigInteger;  
39 -import java.security.AlgorithmParameters;  
40 -import java.security.KeyFactory;  
41 import java.security.KeyStore; 35 import java.security.KeyStore;
42 import java.security.KeyStoreException; 36 import java.security.KeyStoreException;
43 -import java.security.NoSuchAlgorithmException;  
44 import java.security.PrivateKey; 37 import java.security.PrivateKey;
45 import java.security.PublicKey; 38 import java.security.PublicKey;
46 -import java.security.cert.CertificateEncodingException;  
47 import java.security.cert.X509Certificate; 39 import java.security.cert.X509Certificate;
48 -import java.security.interfaces.ECPublicKey;  
49 -import java.security.spec.ECGenParameterSpec;  
50 -import java.security.spec.ECParameterSpec;  
51 -import java.security.spec.ECPoint;  
52 -import java.security.spec.ECPublicKeySpec;  
53 -import java.security.spec.InvalidKeySpecException;  
54 -import java.security.spec.InvalidParameterSpecException;  
55 -import java.security.spec.KeySpec;  
56 -import java.security.spec.PKCS8EncodedKeySpec;  
57 -import java.util.Arrays;  
58 -  
59 -import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;  
60 -import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;  
61 -import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256;  
62 -import static org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CCM_8; 40 +
63 import static org.thingsboard.server.transport.lwm2m.server.LwM2mNetworkConfig.getCoapConfig; 41 import static org.thingsboard.server.transport.lwm2m.server.LwM2mNetworkConfig.getCoapConfig;
64 42
65 @Slf4j 43 @Slf4j
@@ -78,9 +56,6 @@ public class LwM2MTransportBootstrapService { @@ -78,9 +56,6 @@ public class LwM2MTransportBootstrapService {
78 56
79 @PostConstruct 57 @PostConstruct
80 public void init() { 58 public void init() {
81 - if (serverConfig.getEnableGenNewKeyPskRpk()) {  
82 - new LWM2MGenerationPSkRPkECC();  
83 - }  
84 log.info("Starting LwM2M transport bootstrap server..."); 59 log.info("Starting LwM2M transport bootstrap server...");
85 this.server = getLhBootstrapServer(); 60 this.server = getLhBootstrapServer();
86 this.server.start(); 61 this.server.start();
@@ -47,11 +47,11 @@ public class LwM2MTransportBootstrapConfig implements LwM2MSecureServerConfig { @@ -47,11 +47,11 @@ public class LwM2MTransportBootstrapConfig implements LwM2MSecureServerConfig {
47 private Integer securePort; 47 private Integer securePort;
48 48
49 @Getter 49 @Getter
50 - @Value("${transport.lwm2m.bootstrap.security.alias:}") 50 + @Value("${transport.lwm2m.bootstrap.security.key_alias:}")
51 private String certificateAlias; 51 private String certificateAlias;
52 52
53 @Getter 53 @Getter
54 - @Value("${transport.lwm2m.bootstrap.security.password:}") 54 + @Value("${transport.lwm2m.bootstrap.security.key_password:}")
55 private String certificatePassword; 55 private String certificatePassword;
56 56
57 } 57 }
@@ -53,11 +53,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig { @@ -53,11 +53,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
53 private long sessionReportTimeout; 53 private long sessionReportTimeout;
54 54
55 @Getter 55 @Getter
56 - @Value("${transport.lwm2m.recommended_ciphers:}") 56 + @Value("${transport.lwm2m.security.recommended_ciphers:}")
57 private boolean recommendedCiphers; 57 private boolean recommendedCiphers;
58 58
59 @Getter 59 @Getter
60 - @Value("${transport.lwm2m.recommended_supported_groups:}") 60 + @Value("${transport.lwm2m.security.recommended_supported_groups:}")
61 private boolean recommendedSupportedGroups; 61 private boolean recommendedSupportedGroups;
62 62
63 @Getter 63 @Getter
@@ -97,10 +97,6 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig { @@ -97,10 +97,6 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
97 private String rootCertificateAlias; 97 private String rootCertificateAlias;
98 98
99 @Getter 99 @Getter
100 - @Value("${transport.lwm2m.security.enable_gen_new_key_psk_rpk:}")  
101 - private Boolean enableGenNewKeyPskRpk;  
102 -  
103 - @Getter  
104 @Value("${transport.lwm2m.server.id:}") 100 @Value("${transport.lwm2m.server.id:}")
105 private Integer id; 101 private Integer id;
106 102
@@ -121,11 +117,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig { @@ -121,11 +117,11 @@ public class LwM2MTransportServerConfig implements LwM2MSecureServerConfig {
121 private Integer securePort; 117 private Integer securePort;
122 118
123 @Getter 119 @Getter
124 - @Value("${transport.lwm2m.server.security.alias:}") 120 + @Value("${transport.lwm2m.server.security.key_alias:}")
125 private String certificateAlias; 121 private String certificateAlias;
126 122
127 @Getter 123 @Getter
128 - @Value("${transport.lwm2m.server.security.password:}") 124 + @Value("${transport.lwm2m.server.security.key_password:}")
129 private String certificatePassword; 125 private String certificatePassword;
130 126
131 @Getter 127 @Getter
1 -/**  
2 - * Copyright © 2016-2021 The Thingsboard Authors  
3 - *  
4 - * Licensed under the Apache License, Version 2.0 (the "License");  
5 - * you may not use this file except in compliance with the License.  
6 - * You may obtain a copy of the License at  
7 - *  
8 - * http://www.apache.org/licenses/LICENSE-2.0  
9 - *  
10 - * Unless required by applicable law or agreed to in writing, software  
11 - * distributed under the License is distributed on an "AS IS" BASIS,  
12 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
13 - * See the License for the specific language governing permissions and  
14 - * limitations under the License.  
15 - */  
16 -package org.thingsboard.server.transport.lwm2m.secure;  
17 -  
18 -import lombok.extern.slf4j.Slf4j;  
19 -import org.eclipse.leshan.core.util.Hex;  
20 -  
21 -import java.security.InvalidAlgorithmParameterException;  
22 -import java.security.KeyPair;  
23 -import java.security.KeyPairGenerator;  
24 -import java.security.NoSuchAlgorithmException;  
25 -import java.security.NoSuchProviderException;  
26 -import java.security.PrivateKey;  
27 -import java.security.PublicKey;  
28 -import java.security.SecureRandom;  
29 -import java.security.interfaces.ECPublicKey;  
30 -import java.security.spec.ECGenParameterSpec;  
31 -import java.util.Arrays;  
32 -  
33 -@Slf4j  
34 -public class LWM2MGenerationPSkRPkECC {  
35 -  
36 - public LWM2MGenerationPSkRPkECC() {  
37 - generationPSkKey();  
38 - generationRPKECCKey();  
39 - }  
40 -  
41 - private void generationPSkKey() {  
42 - /* PSK */  
43 - int lenPSkKey = 32;  
44 - /* Start PSK  
45 - Clients and Servers MUST support PSK keys of up to 64 bytes in length, as required by [RFC7925]  
46 - SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in [RFC4086]  
47 - */  
48 - SecureRandom randomPSK = new SecureRandom();  
49 - byte[] bytesPSK = new byte[lenPSkKey];  
50 - randomPSK.nextBytes(bytesPSK);  
51 - log.info("\nCreating new PSK: \n for the next start PSK -> security key: [{}]", Hex.encodeHexString(bytesPSK));  
52 - }  
53 -  
54 - private void generationRPKECCKey() {  
55 - /* RPK */  
56 - String algorithm = "EC";  
57 - String provider = "SunEC";  
58 - String nameParameterSpec = "secp256r1";  
59 -  
60 - /* Start RPK  
61 - Elliptic Curve parameters : [secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)]  
62 - */  
63 - KeyPairGenerator kpg = null;  
64 - try {  
65 - kpg = KeyPairGenerator.getInstance(algorithm, provider);  
66 - } catch (NoSuchAlgorithmException | NoSuchProviderException e) {  
67 - log.error("", e);  
68 - }  
69 - ECGenParameterSpec ecsp = new ECGenParameterSpec(nameParameterSpec);  
70 - try {  
71 - kpg.initialize(ecsp);  
72 - } catch (InvalidAlgorithmParameterException e) {  
73 - log.error("", e);  
74 - }  
75 -  
76 - KeyPair kp = kpg.genKeyPair();  
77 - PrivateKey privKey = kp.getPrivate();  
78 - PublicKey pubKey = kp.getPublic();  
79 -  
80 - if (pubKey instanceof ECPublicKey) {  
81 - ECPublicKey ecPublicKey = (ECPublicKey) pubKey;  
82 - /* Get x coordinate */  
83 - byte[] x = ecPublicKey.getW().getAffineX().toByteArray();  
84 - if (x[0] == 0)  
85 - x = Arrays.copyOfRange(x, 1, x.length);  
86 -  
87 - /* Get Y coordinate */  
88 - byte[] y = ecPublicKey.getW().getAffineY().toByteArray();  
89 - if (y[0] == 0)  
90 - y = Arrays.copyOfRange(y, 1, y.length);  
91 -  
92 - /* Get Curves params */  
93 - String privHex = Hex.encodeHexString(privKey.getEncoded());  
94 - log.info("\nCreating new RPK for the next start... \n" +  
95 - " Public Key (Hex): [{}]\n" +  
96 - " Private Key (Hex): [{}]" +  
97 - " public_x : [{}] \n" +  
98 - " public_y : [{}] \n" +  
99 - " private_encode : [{}] \n" +  
100 - " Elliptic Curve parameters : [{}] \n",  
101 - Hex.encodeHexString(pubKey.getEncoded()),  
102 - privHex,  
103 - Hex.encodeHexString(x),  
104 - Hex.encodeHexString(y),  
105 - privHex,  
106 - ecPublicKey.getParams().toString());  
107 - }  
108 - }  
109 -}  
110 -  
@@ -29,7 +29,6 @@ import org.springframework.stereotype.Component; @@ -29,7 +29,6 @@ import org.springframework.stereotype.Component;
29 import org.thingsboard.server.cache.ota.OtaPackageDataCache; 29 import org.thingsboard.server.cache.ota.OtaPackageDataCache;
30 import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; 30 import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
31 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; 31 import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
32 -import org.thingsboard.server.transport.lwm2m.secure.LWM2MGenerationPSkRPkECC;  
33 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MAuthorizer; 32 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MAuthorizer;
34 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MDtlsCertificateVerifier; 33 import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MDtlsCertificateVerifier;
35 import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext; 34 import org.thingsboard.server.transport.lwm2m.server.client.LwM2mClientContext;
@@ -74,9 +73,6 @@ public class DefaultLwM2mTransportService implements LwM2MTransportService { @@ -74,9 +73,6 @@ public class DefaultLwM2mTransportService implements LwM2MTransportService {
74 73
75 @PostConstruct 74 @PostConstruct
76 public void init() { 75 public void init() {
77 - if (config.getEnableGenNewKeyPskRpk()) {  
78 - new LWM2MGenerationPSkRPkECC();  
79 - }  
80 this.server = getLhServer(); 76 this.server = getLhServer();
81 /* 77 /*
82 * Add a resource to the server. 78 * Add a resource to the server.
@@ -106,41 +106,40 @@ transport: @@ -106,41 +106,40 @@ transport:
106 bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}" 106 bind_address: "${LWM2M_BIND_ADDRESS:0.0.0.0}"
107 bind_port: "${LWM2M_BIND_PORT:5685}" 107 bind_port: "${LWM2M_BIND_PORT:5685}"
108 security: 108 security:
109 - bind_address: "${LWM2M_BIND_ADDRESS_SECURITY:0.0.0.0}"  
110 - bind_port: "${LWM2M_BIND_PORT_SECURITY:5686}" 109 + bind_address: "${LWM2M_SECURITY_BIND_ADDRESS:0.0.0.0}"
  110 + bind_port: "${LWM2M_SECURITY_BIND_PORT:5686}"
111 # Only Certificate_x509: 111 # Only Certificate_x509:
112 - alias: "${LWM2M_KEYSTORE_SERVER_ALIAS:server}"  
113 - password: "${LWM2M_KEYSTORE_SERVER_PASSWORD:server_ks_password}" 112 + key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
  113 + key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
114 skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" 114 skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
115 bootstrap: 115 bootstrap:
116 enable: "${LWM2M_ENABLED_BS:true}" 116 enable: "${LWM2M_ENABLED_BS:true}"
117 id: "${LWM2M_SERVER_ID_BS:111}" 117 id: "${LWM2M_SERVER_ID_BS:111}"
118 - bind_address: "${LWM2M_BIND_ADDRESS_BS:0.0.0.0}"  
119 - bind_port: "${LWM2M_BIND_PORT_BS:5687}" 118 + bind_address: "${LWM2M_BS_BIND_ADDRESS:0.0.0.0}"
  119 + bind_port: "${LWM2M_BS_BIND_PORT:5687}"
120 security: 120 security:
121 - bind_address: "${LWM2M_BIND_ADDRESS_SECURITY_BS:0.0.0.0}"  
122 - bind_port: "${LWM2M_BIND_PORT_SECURITY_BS:5688}" 121 + bind_address: "${LWM2M_BS_SECURITY_BIND_ADDRESS:0.0.0.0}"
  122 + bind_port: "${LWM2M_BS_SECURITY_BIND_PORT:5688}"
123 # Only Certificate_x509: 123 # Only Certificate_x509:
124 - alias: "${LWM2M_KEYSTORE_BS_ALIAS:bootstrap}"  
125 - password: "${LWM2M_KEYSTORE_BS_PASSWORD:server_ks_password}" 124 + key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
  125 + key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
126 security: 126 security:
127 # Certificate_x509: 127 # Certificate_x509:
128 # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format 128 # To get helps about files format and how to generate it, see: https://github.com/eclipse/leshan/wiki/Credential-files-format
129 # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh 129 # Create new X509 Certificates: common/transport/lwm2m/src/main/resources/credentials/shell/lwM2M_credentials.sh
130 key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}" 130 key_store_type: "${LWM2M_KEYSTORE_TYPE:JKS}"
131 # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks" 131 # key_store_path_file: "${KEY_STORE_PATH_FILE:/common/transport/lwm2m/src/main/resources/credentials/serverKeyStore.jks"
132 - key_store: "${LWM2M_KEY_STORE:lwm2mserver.jks}"  
133 - key_store_password: "${LWM2M_KEY_STORE_PASSWORD:server_ks_password}"  
134 - root_alias: "${LWM2M_SERVER_ROOT_CA:rootca}"  
135 - enable_gen_new_key_psk_rpk: "${ENABLE_GEN_NEW_KEY_PSK_RPK:false}" 132 + key_store: "${LWM2M_KEYSTORE:lwm2mserver.jks}"
  133 + key_store_password: "${LWM2M_KEYSTORE_PASSWORD:server_ks_password}"
  134 + root_alias: "${LWM2M_SERVER_ROOT_CA_ALIAS:rootca}"
  135 + recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"
  136 + recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"
136 timeout: "${LWM2M_TIMEOUT:120000}" 137 timeout: "${LWM2M_TIMEOUT:120000}"
137 - recommended_ciphers: "${LWM2M_RECOMMENDED_CIPHERS:false}"  
138 - recommended_supported_groups: "${LWM2M_RECOMMENDED_SUPPORTED_GROUPS:true}"  
139 uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}" 138 uplink_pool_size: "${LWM2M_UPLINK_POOL_SIZE:10}"
140 downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}" 139 downlink_pool_size: "${LWM2M_DOWNLINK_POOL_SIZE:10}"
141 ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}" 140 ota_pool_size: "${LWM2M_OTA_POOL_SIZE:10}"
142 clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}" 141 clean_period_in_sec: "${LWM2M_CLEAN_PERIOD_IN_SEC:2}"
143 - log_max_length: "${LWM2M_LOG_MAX_LENGTH:100}" 142 + log_max_length: "${LWM2M_LOG_MAX_LENGTH:1024}"
144 # Use redis for Security and Registration stores 143 # Use redis for Security and Registration stores
145 redis.enabled: "${LWM2M_REDIS_ENABLED:false}" 144 redis.enabled: "${LWM2M_REDIS_ENABLED:false}"
146 145