Examples with RPKClientCredential - org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential

Example 6 with RPKClientCredential

use of org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential in project thingsboard by thingsboard.

the class DeviceCredentialsServiceImpl method validateLwM2MClientCredentials.

private void validateLwM2MClientCredentials(LwM2MClientCredential clientCredentials) {
    if (StringUtils.isBlank(clientCredentials.getEndpoint())) {
        throw new DeviceCredentialsValidationException("LwM2M client endpoint must be specified!");
    }
    switch(clientCredentials.getSecurityConfigClientMode()) {
        case NO_SEC:
            break;
        case PSK:
            PSKClientCredential pskCredentials = (PSKClientCredential) clientCredentials;
            if (StringUtils.isBlank(pskCredentials.getIdentity())) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK identity must be specified and must be an utf8 string!");
            }
            // SecurityMode.NO_SEC.toString() == "NO_SEC";
            if (pskCredentials.getIdentity().equals(SecurityMode.NO_SEC.toString())) {
                throw new DeviceCredentialsValidationException("The PSK ID of the LwM2M client must not be '" + SecurityMode.NO_SEC + "'!");
            }
            String pskKey = pskCredentials.getKey();
            if (StringUtils.isBlank(pskKey)) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be specified!");
            }
            if (!pskKey.matches("-?[0-9a-fA-F]+")) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be random sequence in hex encoding!");
            }
            if (pskKey.length() % 32 != 0 || pskKey.length() > 128) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key length = " + pskKey.length() + ". Key must be HexDec format: 32, 64, 128 characters!");
            }
            break;
        case RPK:
            RPKClientCredential rpkCredentials = (RPKClientCredential) clientCredentials;
            if (StringUtils.isBlank(rpkCredentials.getKey())) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be specified!");
            }
            try {
                String pubkClient = EncryptionUtil.pubkTrimNewLines(rpkCredentials.getKey());
                rpkCredentials.setKey(pubkClient);
                SecurityUtil.publicKey.decode(rpkCredentials.getDecoded());
            } catch (Exception e) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be in standard [RFC7250] and support only EC algorithm and then encoded to Base64 format!");
            }
            break;
        case X509:
            X509ClientCredential x509CCredentials = (X509ClientCredential) clientCredentials;
            if (StringUtils.isNotEmpty(x509CCredentials.getCert())) {
                try {
                    String certClient = EncryptionUtil.certTrimNewLines(x509CCredentials.getCert());
                    x509CCredentials.setCert(certClient);
                    SecurityUtil.certificate.decode(x509CCredentials.getDecoded());
                } catch (Exception e) {
                    throw new DeviceCredentialsValidationException("LwM2M client X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
                }
            }
            break;
    }
}

Also used : PSKClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential) Validator.validateString(org.thingsboard.server.dao.service.Validator.validateString) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) ConstraintViolationException(org.hibernate.exception.ConstraintViolationException) DataValidationException(org.thingsboard.server.dao.exception.DataValidationException) RPKClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential) X509ClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)

Aggregations

RPKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential)6 PrivateKey (java.security.PrivateKey)4 X509Certificate (java.security.cert.X509Certificate)4 Test (org.junit.Test)4 LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials)4 Lwm2mDeviceProfileTransportConfiguration (org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration)4 AbstractSecurityLwM2MIntegrationTest (org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest)4 Security (org.eclipse.leshan.client.object.Security)2 MvcResult (org.springframework.test.web.servlet.MvcResult)2 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 PublicKey (java.security.PublicKey)1 DecoderException (org.apache.commons.codec.DecoderException)1 ConstraintViolationException (org.hibernate.exception.ConstraintViolationException)1 PSKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential)1 X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)1 DataValidationException (org.thingsboard.server.dao.exception.DataValidationException)1 DeviceCredentialsValidationException (org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)1 Validator.validateString (org.thingsboard.server.dao.service.Validator.validateString)1