use of org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential in project thingsboard by thingsboard.
the class LwM2mCredentialsSecurityInfoValidator method createClientSecurityInfoPSK.
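/**
 * Fills {@code result} with PSK security info built from the given client credentials.
 *
 * <p>{@code result} is updated only when the identity is non-empty, the decoded key is
 * non-empty and an endpoint is available. In every other case it is left untouched and the
 * reason is logged, so callers must treat an unset security info as "no usable PSK" rather
 * than as permission to proceed.
 *
 * @param result holder that receives the security info and the PSK security mode
 * @param endpoint fallback endpoint name, used when the credentials carry none
 * @param clientCredentialsConfig client credentials; cast to {@link PSKClientCredential}
 */
private void createClientSecurityInfoPSK(TbLwM2MSecurityInfo result, String endpoint, LwM2MClientCredential clientCredentialsConfig) {
    PSKClientCredential pskConfig = (PSKClientCredential) clientCredentialsConfig;
    if (!StringUtils.isNotEmpty(pskConfig.getIdentity())) {
        log.error("Missing PSK identity");
        return;
    }
    try {
        // Decode once and reuse the bytes for both the emptiness check and the security info.
        byte[] pskKey = pskConfig.getDecoded();
        if (pskKey == null || pskKey.length == 0) {
            // Report the empty-key case instead of returning silently.
            log.error("Missing PSK key");
            return;
        }
        // The endpoint stored with the credentials wins over the one passed by the caller.
        String effectiveEndpoint = StringUtils.isNotEmpty(pskConfig.getEndpoint()) ? pskConfig.getEndpoint() : endpoint;
        if (effectiveEndpoint == null || effectiveEndpoint.isEmpty()) {
            log.error("Missing PSK endpoint");
            return;
        }
        result.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(effectiveEndpoint, pskConfig.getIdentity(), pskKey));
        result.setSecurityMode(PSK);
    } catch (IllegalArgumentException | DecoderException e) {
        // NOTE(review): the decoder's message goes to the log; confirm it cannot echo key characters.
        log.error("Missing PSK key: " + e.getMessage());
    }
}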
use of org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential in project thingsboard by thingsboard.
the class PskLwm2mIntegrationTest method testWithPskConnectLwm2mBadPskKeyByLength_BAD_REQUEST.
/**
 * Creating a device whose PSK key has an unsupported length must be rejected with
 * HTTP 400 and the key-format message in the response body.
 */
@Test
public void testWithPskConnectLwm2mBadPskKeyByLength_BAD_REQUEST() throws Exception {
    // Appending four hex characters is meant to break the key length (per the test name);
    // CLIENT_PSK_KEY itself is defined elsewhere.
    PSKClientCredential badLengthCredentials = new PSKClientCredential();
    badLengthCredentials.setEndpoint(CLIENT_ENDPOINT_PSK);
    badLengthCredentials.setIdentity(CLIENT_PSK_IDENTITY + "_BadLength");
    badLengthCredentials.setKey(CLIENT_PSK_KEY + "05AC");

    Lwm2mDeviceProfileTransportConfiguration profileTransport =
            getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, NONE));
    createDeviceProfile(profileTransport);

    LwM2MDeviceCredentials rejectedCredentials = getDeviceCredentialsSecure(badLengthCredentials, null, null, PSK, false);
    MvcResult response = createDeviceWithMvcResult(rejectedCredentials, CLIENT_ENDPOINT_PSK);

    // The request must fail at validation time, before any credentials are stored.
    assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getResponse().getStatus());
    assertTrue(response.getResponse().getContentAsString().contains("Key must be HexDec format: 32, 64, 128 characters!"));
}
use of org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential in project thingsboard by thingsboard.
the class PskLwm2mIntegrationTest method testWithPskConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess.
// Bootstrap + Lwm2m
/**
 * Bootstrap + LwM2M: the client starts with PSK credentials for the bootstrap server and the
 * profile enables both bootstrap sections; the run is expected to reach registration success.
 */
@Test
public void testWithPskConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess() throws Exception {
    PSKClientCredential pskCredentials = new PSKClientCredential();
    pskCredentials.setEndpoint(CLIENT_ENDPOINT_PSK_BS);
    pskCredentials.setIdentity(CLIENT_PSK_IDENTITY_BS);
    pskCredentials.setKey(CLIENT_PSK_KEY);

    // Client side uses the same identity and key, as raw bytes.
    byte[] identityBytes = CLIENT_PSK_IDENTITY_BS.getBytes(StandardCharsets.UTF_8);
    byte[] keyBytes = Hex.decodeHex(CLIENT_PSK_KEY.toCharArray());
    Security bootstrapSecurity = pskBootstrap(SECURE_URI_BS, identityBytes, keyBytes);

    Lwm2mDeviceProfileTransportConfiguration profileTransport =
            getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, BOTH));
    LwM2MDeviceCredentials serverSideCredentials = getDeviceCredentialsSecure(pskCredentials, null, null, PSK, false);

    this.basicTestConnection(
            bootstrapSecurity,
            serverSideCredentials,
            COAP_CONFIG_BS,
            CLIENT_ENDPOINT_PSK_BS,
            profileTransport,
            "await on client state (PskBS two section)",
            expectedStatusesRegistrationBsSuccess,
            true,
            ON_REGISTRATION_SUCCESS,
            true);
}
use of org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential in project thingsboard by thingsboard.
the class PskLwm2mIntegrationTest method testWithPskConnectLwm2mSuccess.
// Lwm2m only
/**
 * LwM2M only: a client whose PSK identity and key match the device credentials connects with
 * no bootstrap section configured; the run is expected to reach registration success.
 */
@Test
public void testWithPskConnectLwm2mSuccess() throws Exception {
    PSKClientCredential pskCredentials = new PSKClientCredential();
    pskCredentials.setEndpoint(CLIENT_ENDPOINT_PSK);
    pskCredentials.setIdentity(CLIENT_PSK_IDENTITY);
    pskCredentials.setKey(CLIENT_PSK_KEY);

    // Client side uses the same identity and key, as raw bytes.
    byte[] identityBytes = CLIENT_PSK_IDENTITY.getBytes(StandardCharsets.UTF_8);
    byte[] keyBytes = Hex.decodeHex(CLIENT_PSK_KEY.toCharArray());
    Security clientSecurity = psk(SECURE_URI, shortServerId, identityBytes, keyBytes);

    Lwm2mDeviceProfileTransportConfiguration profileTransport =
            getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, NONE));
    LwM2MDeviceCredentials serverSideCredentials = getDeviceCredentialsSecure(pskCredentials, null, null, PSK, false);

    this.basicTestConnection(
            clientSecurity,
            serverSideCredentials,
            COAP_CONFIG,
            CLIENT_ENDPOINT_PSK,
            profileTransport,
            "await on client state (Psk_Lwm2m)",
            expectedStatusesRegistrationLwm2mSuccess,
            false,
            ON_REGISTRATION_SUCCESS,
            true);
}
use of org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential in project thingsboard by thingsboard.
the class DeviceCredentialsServiceImpl method validateLwM2MClientCredentials.
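/**
 * Validates LwM2M client credentials according to their security mode.
 *
 * <p>Every mode requires a non-blank endpoint. PSK additionally requires an identity and a
 * hex-encoded key of an accepted length. RPK requires a key that decodes as a public key.
 * X509 checks the certificate only when one is supplied. For RPK and X509 the key or
 * certificate is stored back on {@code clientCredentials} with new lines trimmed.
 *
 * @param clientCredentials credentials to validate; modified in place for RPK and X509
 * @throws DeviceCredentialsValidationException when a required value is missing or malformed
 */
private void validateLwM2MClientCredentials(LwM2MClientCredential clientCredentials) {
    if (StringUtils.isBlank(clientCredentials.getEndpoint())) {
        throw new DeviceCredentialsValidationException("LwM2M client endpoint must be specified!");
    }
    // No default branch: modes not listed here pass with the endpoint check only.
    switch (clientCredentials.getSecurityConfigClientMode()) {
        case NO_SEC:
            break;
        case PSK:
            PSKClientCredential pskCredentials = (PSKClientCredential) clientCredentials;
            if (StringUtils.isBlank(pskCredentials.getIdentity())) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK identity must be specified and must be an utf8 string!");
            }
            // The literal "NO_SEC" (SecurityMode.NO_SEC.toString()) is not allowed as a PSK identity.
            if (pskCredentials.getIdentity().equals(SecurityMode.NO_SEC.toString())) {
                throw new DeviceCredentialsValidationException("The PSK ID of the LwM2M client must not be '" + SecurityMode.NO_SEC + "'!");
            }
            String pskKey = pskCredentials.getKey();
            if (StringUtils.isBlank(pskKey)) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be specified!");
            }
            // Hex digits only, with no sign or separator characters: anything outside
            // [0-9a-fA-F] cannot be hex-decoded later, so it is rejected here.
            if (!pskKey.matches("[0-9a-fA-F]+")) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be random sequence in hex encoding!");
            }
            // NOTE(review): this check also admits 96 characters, which the message does not
            // list; confirm whether 96 is intended before tightening it.
            if (pskKey.length() % 32 != 0 || pskKey.length() > 128) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key length = " + pskKey.length() + ". Key must be HexDec format: 32, 64, 128 characters!");
            }
            break;
        case RPK:
            RPKClientCredential rpkCredentials = (RPKClientCredential) clientCredentials;
            if (StringUtils.isBlank(rpkCredentials.getKey())) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be specified!");
            }
            try {
                // Store the key with new lines trimmed, then prove it decodes as a public key.
                String pubkClient = EncryptionUtil.pubkTrimNewLines(rpkCredentials.getKey());
                rpkCredentials.setKey(pubkClient);
                SecurityUtil.publicKey.decode(rpkCredentials.getDecoded());
            } catch (Exception e) {
                // Any decoding failure is reported with the same message; the cause is not propagated.
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be in standard [RFC7250] and support only EC algorithm and then encoded to Base64 format!");
            }
            break;
        case X509:
            X509ClientCredential x509CCredentials = (X509ClientCredential) clientCredentials;
            // The certificate is optional here; it is checked only when present.
            if (StringUtils.isNotEmpty(x509CCredentials.getCert())) {
                try {
                    String certClient = EncryptionUtil.certTrimNewLines(x509CCredentials.getCert());
                    x509CCredentials.setCert(certClient);
                    SecurityUtil.certificate.decode(x509CCredentials.getDecoded());
                } catch (Exception e) {
                    // Any decoding failure is reported with the same message; the cause is not propagated.
                    throw new DeviceCredentialsValidationException("LwM2M client X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
                }
            }
            break;
    }
}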