
Example 6 with X509ClientCredential

Use of org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential in project thingsboard by thingsboard.

In the class X509_TrustLwM2MIntegrationTest, method testWithX509TrustConnectLwm2mSuccess:

// Lwm2m only
@Test
public void testWithX509TrustConnectLwm2mSuccess() throws Exception {
    String clientEndpoint = CLIENT_ENDPOINT_X509_TRUST;
    X509Certificate certificate = clientX509CertTrust;
    PrivateKey privateKey = clientPrivateKeyFromCertTrust;
    X509ClientCredential clientCredentials = new X509ClientCredential();
    clientCredentials.setEndpoint(clientEndpoint);
    // Empty certificate string: the client credentials carry only the endpoint, no stored certificate
    clientCredentials.setCert("");
    Security security = x509(SECURE_URI, shortServerId, certificate.getEncoded(), privateKey.getEncoded(), serverX509Cert.getEncoded());
    Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, NONE));
    LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false);
    this.basicTestConnection(security, deviceCredentials, COAP_CONFIG, clientEndpoint, transportConfiguration, "await on client state (X509_Trust_Lwm2m)", expectedStatusesRegistrationLwm2mSuccess, false, ON_REGISTRATION_SUCCESS, true);
}
Also used: PrivateKey (java.security.PrivateKey), LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials), Lwm2mDeviceProfileTransportConfiguration (org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration), Security (org.eclipse.leshan.client.object.Security), X509Certificate (java.security.cert.X509Certificate), X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential), Test (org.junit.Test), AbstractSecurityLwM2MIntegrationTest (org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest)

Example 7 with X509ClientCredential

Use of org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential in project thingsboard by thingsboard.

In the class X509_TrustLwM2MIntegrationTest, method testWithX509TrustConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess:

// Bootstrap + Lwm2m
@Test
public void testWithX509TrustConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess() throws Exception {
    String clientEndpoint = CLIENT_ENDPOINT_X509_TRUST;
    X509Certificate certificate = clientX509CertTrust;
    PrivateKey privateKey = clientPrivateKeyFromCertTrust;
    X509ClientCredential clientCredentials = new X509ClientCredential();
    clientCredentials.setEndpoint(clientEndpoint);
    // Empty certificate string: the client credentials carry only the endpoint, no stored certificate
    clientCredentials.setCert("");
    Security security = x509Bootstrap(SECURE_URI_BS, certificate.getEncoded(), privateKey.getEncoded(), serverX509CertBs.getEncoded());
    Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, BOTH));
    LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false);
    this.basicTestConnection(security, deviceCredentials, COAP_CONFIG_BS, clientEndpoint, transportConfiguration, "await on client state (X509Trust two section)", expectedStatusesRegistrationBsSuccess, true, ON_REGISTRATION_SUCCESS, true);
}
Also used: PrivateKey (java.security.PrivateKey), LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials), Lwm2mDeviceProfileTransportConfiguration (org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration), Security (org.eclipse.leshan.client.object.Security), X509Certificate (java.security.cert.X509Certificate), X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential), Test (org.junit.Test), AbstractSecurityLwM2MIntegrationTest (org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest)

Example 8 with X509ClientCredential

Use of org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential in project thingsboard by thingsboard.

In the class DeviceCredentialsServiceImpl, method formatAndValidateSimpleLwm2mCredentials:

private void formatAndValidateSimpleLwm2mCredentials(DeviceCredentials deviceCredentials) {
    LwM2MDeviceCredentials lwM2MCredentials;
    try {
        lwM2MCredentials = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), LwM2MDeviceCredentials.class);
        validateLwM2MDeviceCredentials(lwM2MCredentials);
    } catch (IllegalArgumentException e) {
        throw new DeviceCredentialsValidationException("Invalid credentials body for LwM2M credentials!");
    }
    String credentialsId = null;
    LwM2MClientCredential clientCredentials = lwM2MCredentials.getClient();
    switch(clientCredentials.getSecurityConfigClientMode()) {
        case NO_SEC:
        case RPK:
            deviceCredentials.setCredentialsValue(JacksonUtil.toString(lwM2MCredentials));
            credentialsId = clientCredentials.getEndpoint();
            break;
        case PSK:
            credentialsId = ((PSKClientCredential) clientCredentials).getIdentity();
            break;
        case X509:
            deviceCredentials.setCredentialsValue(JacksonUtil.toString(lwM2MCredentials));
            X509ClientCredential x509ClientConfig = (X509ClientCredential) clientCredentials;
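            // Credentials ID: SHA-3 hash of the certificate string when one is supplied,
            // otherwise the client endpoint name.
            if ((StringUtils.isNotBlank(x509ClientConfig.getCert()))) {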
                String sha3Hash = EncryptionUtil.getSha3Hash(x509ClientConfig.getCert());
                credentialsId = sha3Hash;
            } else {
                credentialsId = x509ClientConfig.getEndpoint();
            }
            break;
    }
    if (credentialsId == null) {
        throw new DeviceCredentialsValidationException("Invalid credentials body for LwM2M credentials!");
    }
    deviceCredentials.setCredentialsId(credentialsId);
}
Also used: LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials), LwM2MClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential), Validator.validateString (org.thingsboard.server.dao.service.Validator.validateString), DeviceCredentialsValidationException (org.thingsboard.server.dao.exception.DeviceCredentialsValidationException), X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)

Example 9 with X509ClientCredential

Use of org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential in project thingsboard by thingsboard.

In the class DeviceCredentialsServiceImpl, method validateLwM2MClientCredentials:

private void validateLwM2MClientCredentials(LwM2MClientCredential clientCredentials) {
    if (StringUtils.isBlank(clientCredentials.getEndpoint())) {
        throw new DeviceCredentialsValidationException("LwM2M client endpoint must be specified!");
    }
    switch(clientCredentials.getSecurityConfigClientMode()) {
        case NO_SEC:
            break;
        case PSK:
            PSKClientCredential pskCredentials = (PSKClientCredential) clientCredentials;
            if (StringUtils.isBlank(pskCredentials.getIdentity())) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK identity must be specified and must be an utf8 string!");
            }
            // SecurityMode.NO_SEC.toString() == "NO_SEC";
            if (pskCredentials.getIdentity().equals(SecurityMode.NO_SEC.toString())) {
                throw new DeviceCredentialsValidationException("The PSK ID of the LwM2M client must not be '" + SecurityMode.NO_SEC + "'!");
            }
            String pskKey = pskCredentials.getKey();
            if (StringUtils.isBlank(pskKey)) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be specified!");
            }
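            // Character check. Note: the pattern's optional leading '-' also passes this check,
            // although '-' is not a hex digit.
            if (!pskKey.matches("-?[0-9a-fA-F]+")) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be random sequence in hex encoding!");
            }
            // Length check: a multiple of 32 characters, at most 128. Note: this condition also
            // accepts a length of 96, which the message below does not list.
            if (pskKey.length() % 32 != 0 || pskKey.length() > 128) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key length = " + pskKey.length() + ". Key must be HexDec format: 32, 64, 128 characters!");
            }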
            break;
        case RPK:
            RPKClientCredential rpkCredentials = (RPKClientCredential) clientCredentials;
            if (StringUtils.isBlank(rpkCredentials.getKey())) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be specified!");
            }
            try {
                String pubkClient = EncryptionUtil.pubkTrimNewLines(rpkCredentials.getKey());
                rpkCredentials.setKey(pubkClient);
                SecurityUtil.publicKey.decode(rpkCredentials.getDecoded());
            } catch (Exception e) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be in standard [RFC7250] and support only EC algorithm and then encoded to Base64 format!");
            }
            break;
        case X509:
            X509ClientCredential x509CCredentials = (X509ClientCredential) clientCredentials;
            if (StringUtils.isNotEmpty(x509CCredentials.getCert())) {
                try {
                    String certClient = EncryptionUtil.certTrimNewLines(x509CCredentials.getCert());
                    x509CCredentials.setCert(certClient);
                    SecurityUtil.certificate.decode(x509CCredentials.getDecoded());
                } catch (Exception e) {
                    throw new DeviceCredentialsValidationException("LwM2M client X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
                }
            }
            break;
    }
}
Also used: PSKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential), Validator.validateString (org.thingsboard.server.dao.service.Validator.validateString), DeviceCredentialsValidationException (org.thingsboard.server.dao.exception.DeviceCredentialsValidationException), ConstraintViolationException (org.hibernate.exception.ConstraintViolationException), DataValidationException (org.thingsboard.server.dao.exception.DataValidationException), RPKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential), X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)
