
Example 1 with DefaultAuthorizer

Use of org.eclipse.leshan.server.security.DefaultAuthorizer in the project leshan by eclipse.

From the class LeshanServerBuilder, the method build.

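/**
 * Builds a {@link LeshanServer} from the values configured on this builder.
 * <p>
 * Every collaborator left unset is replaced by a default (in-memory registration store,
 * {@code DefaultAuthorizer} backed by {@code securityStore}, standard model provider, default
 * encoder/decoder, default network config, static awake-time provider). The unsecured CoAP
 * endpoint is created unless {@code noUnsecuredEndpoint} is set. The DTLS endpoint is created
 * unless {@code noSecuredEndpoint} is set, and only if the DTLS configuration could be built.
 * <p>
 * Security note: when the DTLS configuration cannot be built, the failure is logged and the
 * server is still returned with the unsecured endpoint alone (if that endpoint is enabled).
 * A deployment that must not serve plain CoAP should set {@code noUnsecuredEndpoint}, so that
 * a broken DTLS setup ends in the "no endpoint" {@link IllegalStateException} below instead of
 * a server that silently listens without DTLS.
 *
 * @return the configured server, holding at least one endpoint
 * @throws IllegalStateException if a value set on this builder conflicts with the one already
 *         present in the {@code DtlsConnectorConfig.Builder}, or if no endpoint could be created
 */
public LeshanServer build() {
    // Fill in defaults for everything the caller did not provide.
    if (localAddress == null)
        localAddress = new InetSocketAddress(LwM2m.DEFAULT_COAP_PORT);
    if (registrationStore == null)
        registrationStore = new InMemoryRegistrationStore();
    // NOTE(review): securityStore may still be null here; how DefaultAuthorizer treats a null
    // store is not visible from this method - confirm before relying on it for access control.
    if (authorizer == null)
        authorizer = new DefaultAuthorizer(securityStore);
    if (modelProvider == null)
        modelProvider = new StandardModelProvider();
    if (encoder == null)
        encoder = new DefaultLwM2mNodeEncoder();
    if (decoder == null)
        decoder = new DefaultLwM2mNodeDecoder();
    if (coapConfig == null)
        coapConfig = createDefaultNetworkConfig();
    if (awakeTimeProvider == null)
        awakeTimeProvider = new StaticClientAwakeTimeProvider();
    // handle dtlsConfig
    DtlsConnectorConfig dtlsConfig = null;
    if (!noSecuredEndpoint) {
        if (dtlsConfigBuilder == null) {
            dtlsConfigBuilder = new DtlsConnectorConfig.Builder();
        }
        // set default DTLS setting for Leshan unless user change it.
        DtlsConnectorConfig incompleteConfig = dtlsConfigBuilder.getIncompleteConfig();
        // Handle PSK Store: warn only when the caller really supplied a custom store. The
        // previous single else-branch also warned when no store was set at all and there was
        // no securityStore, which reported a custom implementation that did not exist.
        if (incompleteConfig.getPskStore() != null) {
            LOG.warn("PskStore should be automatically set by Leshan. Using a custom implementation is not advised.");
        } else if (securityStore != null) {
            dtlsConfigBuilder.setPskStore(new LwM2mPskStore(this.securityStore, registrationStore));
        }
        // Handle secure address
        if (incompleteConfig.getAddress() == null) {
            if (localSecureAddress == null) {
                localSecureAddress = new InetSocketAddress(LwM2m.DEFAULT_COAP_SECURE_PORT);
            }
            dtlsConfigBuilder.setAddress(localSecureAddress);
        } else if (localSecureAddress != null && !localSecureAddress.equals(incompleteConfig.getAddress())) {
            throw new IllegalStateException(String.format("Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for secure address: %s != %s", localSecureAddress, incompleteConfig.getAddress()));
        }
        // Handle active peers: reuse the CoAP limits for the DTLS connection table.
        if (incompleteConfig.getMaxConnections() == null)
            dtlsConfigBuilder.setMaxConnections(coapConfig.getInt(Keys.MAX_ACTIVE_PEERS));
        if (incompleteConfig.getStaleConnectionThreshold() == null)
            dtlsConfigBuilder.setStaleConnectionThreshold(coapConfig.getLong(Keys.MAX_PEER_INACTIVITY_PERIOD));
        // handle trusted certificates
        if (trustedCertificates != null) {
            if (incompleteConfig.getTrustStore() == null) {
                dtlsConfigBuilder.setTrustStore(trustedCertificates);
            } else if (!Arrays.equals(trustedCertificates, incompleteConfig.getTrustStore())) {
                throw new IllegalStateException(String.format("Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for trusted Certificates (trustStore) : \n%s != \n%s", Arrays.toString(trustedCertificates), Arrays.toString(incompleteConfig.getTrustStore())));
            }
        }
        // check conflict for private key
        if (privateKey != null) {
            if (incompleteConfig.getPrivateKey() != null && !incompleteConfig.getPrivateKey().equals(privateKey)) {
                // The two keys are deliberately left out of the message: depending on the
                // provider, a private key's toString() may render key material, and exception
                // messages routinely end up in logs.
                throw new IllegalStateException("Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for private key");
            }
            // if in raw key mode and not in X.509 set the raw keys
            if (certificateChain == null && publicKey != null) {
                if (incompleteConfig.getPublicKey() != null && !incompleteConfig.getPublicKey().equals(publicKey)) {
                    throw new IllegalStateException(String.format("Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for public key: %s != %s", publicKey, incompleteConfig.getPublicKey()));
                }
                dtlsConfigBuilder.setIdentity(privateKey, publicKey);
            }
            // if in X.509 mode set the private key, certificate chain, public key is extracted from the certificate
            // NOTE(review): an empty (non-null) certificateChain matches neither this branch nor
            // the raw-key branch above, so no identity is set in that case - confirm intended.
            if (certificateChain != null && certificateChain.length > 0) {
                if (incompleteConfig.getCertificateChain() != null && !Arrays.equals(incompleteConfig.getCertificateChain(), certificateChain)) {
                    throw new IllegalStateException(String.format("Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for certificate chain: %s != %s", Arrays.toString(certificateChain), Arrays.toString(incompleteConfig.getCertificateChain())));
                }
                dtlsConfigBuilder.setIdentity(privateKey, certificateChain, false);
            }
        }
        // we try to build the dtlsConfig, if it fail we will just not create the secured endpoint
        try {
            dtlsConfig = dtlsConfigBuilder.build();
        } catch (IllegalStateException e) {
            // Still best-effort, but no longer silent: without this log line an operator cannot
            // tell that the server came up without its DTLS endpoint.
            LOG.warn("Unable to create DTLS config and so secured endpoint.", e);
        }
    }
    // create endpoints
    CoapEndpoint unsecuredEndpoint = null;
    if (!noUnsecuredEndpoint) {
        if (endpointFactory != null) {
            unsecuredEndpoint = endpointFactory.createUnsecuredEndpoint(localAddress, coapConfig, registrationStore);
        } else {
            CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
            builder.setInetSocketAddress(localAddress);
            builder.setNetworkConfig(coapConfig);
            builder.setObservationStore(registrationStore);
            unsecuredEndpoint = builder.build();
        }
    }
    CoapEndpoint securedEndpoint = null;
    // dtlsConfig is null when the DTLS build above failed; the secured endpoint is then skipped.
    if (!noSecuredEndpoint && dtlsConfig != null) {
        if (endpointFactory != null) {
            securedEndpoint = endpointFactory.createSecuredEndpoint(dtlsConfig, coapConfig, registrationStore);
        } else {
            CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
            builder.setConnector(new DTLSConnector(dtlsConfig));
            builder.setNetworkConfig(coapConfig);
            builder.setObservationStore(registrationStore);
            builder.setEndpointContextMatcher(new Lwm2mEndpointContextMatcher());
            securedEndpoint = builder.build();
        }
    }
    // Refuse to return a server that listens on nothing.
    if (securedEndpoint == null && unsecuredEndpoint == null) {
        throw new IllegalStateException("All CoAP enpoints are deactivated, at least one endpoint should be activated");
    }
    return new LeshanServer(unsecuredEndpoint, securedEndpoint, registrationStore, securityStore, authorizer, modelProvider, encoder, decoder, coapConfig, noQueueMode, awakeTimeProvider);
}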
Also used : StandardModelProvider(org.eclipse.leshan.server.model.StandardModelProvider) InetSocketAddress(java.net.InetSocketAddress) InMemoryRegistrationStore(org.eclipse.leshan.server.californium.impl.InMemoryRegistrationStore) DefaultLwM2mNodeEncoder(org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeEncoder) DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig) DTLSConnector(org.eclipse.californium.scandium.DTLSConnector) StaticClientAwakeTimeProvider(org.eclipse.leshan.server.queue.StaticClientAwakeTimeProvider) DefaultLwM2mNodeDecoder(org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeDecoder) Lwm2mEndpointContextMatcher(org.eclipse.leshan.core.californium.Lwm2mEndpointContextMatcher) LeshanServer(org.eclipse.leshan.server.californium.impl.LeshanServer) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) DefaultAuthorizer(org.eclipse.leshan.server.security.DefaultAuthorizer) LwM2mPskStore(org.eclipse.leshan.server.californium.impl.LwM2mPskStore)
