
Example 1 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

Class DeviceBulkImportService, method saveEntity.

/**
 * Persists one bulk-imported device together with the credentials parsed from its row.
 * <p>
 * Order matters: the credentials are built and normalised first (so a bad row fails before any
 * profile is looked up or created), then the device profile is resolved, then device and
 * credentials are saved in a single service call.
 *
 * @param entity device built from the row; its profile id is set here before saving
 * @param fields column values of the imported row, keyed by column type
 * @return the saved device as returned by {@code deviceService.saveDeviceWithCredentials}
 * @throws DeviceCredentialsValidationException if the credentials cannot be created or formatted
 */
@Override
protected Device saveEntity(Device entity, Map<BulkImportColumnType, String> fields) {
    DeviceCredentials credentials = buildCredentials(fields);
    DeviceProfile profile = resolveDeviceProfile(entity, credentials.getCredentialsType());
    entity.setDeviceProfileId(profile.getId());
    return deviceService.saveDeviceWithCredentials(entity, credentials);
}

/** Creates and formats the credentials for a row; any failure is reported as a validation error. */
private DeviceCredentials buildCredentials(Map<BulkImportColumnType, String> fields) {
    try {
        DeviceCredentials credentials = createDeviceCredentials(fields);
        deviceCredentialsService.formatCredentials(credentials);
        return credentials;
    } catch (Exception e) {
        // Every failure (parse, format, unexpected runtime error) becomes one validation error whose
        // text is the original exception message. NOTE(review): the original cause is not attached and
        // e.getMessage() of an arbitrary exception is surfaced to the importer — confirm this cannot
        // carry internal detail.
        throw new DeviceCredentialsValidationException("Invalid device credentials: " + e.getMessage());
    }
}

/**
 * Chooses the profile for the device: an LwM2M profile for LwM2M credentials, otherwise a profile
 * named after the device type (created on demand), otherwise the tenant's default profile.
 */
private DeviceProfile resolveDeviceProfile(Device entity, DeviceCredentialsType credentialsType) {
    if (credentialsType == DeviceCredentialsType.LWM2M_CREDENTIALS) {
        return setUpLwM2mDeviceProfile(entity.getTenantId(), entity);
    }
    if (StringUtils.isNotEmpty(entity.getType())) {
        return deviceProfileService.findOrCreateDeviceProfile(entity.getTenantId(), entity.getType());
    }
    return deviceProfileService.findDefaultDeviceProfile(entity.getTenantId());
}
Also used : DeviceProfile(org.thingsboard.server.common.data.DeviceProfile) DeviceCredentials(org.thingsboard.server.common.data.security.DeviceCredentials) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)

Example 2 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

Class DeviceBulkImportService, method setUpLwm2mCredentials.

/**
 * Assembles the LwM2M credentials JSON ({@code client} plus {@code bootstrap.bootstrapServer} and
 * {@code bootstrap.lwm2mServer}) from the import columns and stores it on {@code credentials}.
 * <p>
 * Each security-mode column that is present must name an {@link LwM2MSecurityMode} (matched after
 * upper-casing). Nothing else is checked here: key material is only copied into the JSON, so its
 * format is presumably validated later by the credentials service — verify against the caller.
 *
 * @param fields      column values of the imported row, keyed by column type
 * @param credentials target whose credentials value is overwritten with the assembled JSON
 * @throws DeviceCredentialsValidationException if a security-mode column holds an unknown mode name
 * @throws com.fasterxml.jackson.core.JsonProcessingException propagated from the Jackson mapping of the client node
 */
private void setUpLwm2mCredentials(Map<BulkImportColumnType, String> fields, DeviceCredentials credentials) throws com.fasterxml.jackson.core.JsonProcessingException {
    Set<BulkImportColumnType> modeColumns = Set.of(
            BulkImportColumnType.LWM2M_CLIENT_SECURITY_CONFIG_MODE,
            BulkImportColumnType.LWM2M_BOOTSTRAP_SERVER_SECURITY_MODE,
            BulkImportColumnType.LWM2M_SERVER_SECURITY_MODE);
    for (BulkImportColumnType column : modeColumns) {
        String mode = fields.get(column);
        if (mode == null) {
            continue; // absent column: no mode to check
        }
        requireKnownSecurityMode(mode);
    }

    ObjectNode client = nodeFrom(fields, Set.of(
            BulkImportColumnType.LWM2M_CLIENT_SECURITY_CONFIG_MODE,
            BulkImportColumnType.LWM2M_CLIENT_ENDPOINT,
            BulkImportColumnType.LWM2M_CLIENT_IDENTITY,
            BulkImportColumnType.LWM2M_CLIENT_KEY,
            BulkImportColumnType.LWM2M_CLIENT_CERT));
    // Round-trip through the typed credential so the stored JSON carries only the fields that belong
    // to the chosen client security mode.
    LwM2MClientCredential typedClient = JacksonUtil.treeToValue(client, LwM2MClientCredential.class);

    ObjectNode bootstrapServer = nodeFrom(fields, Set.of(
            BulkImportColumnType.LWM2M_BOOTSTRAP_SERVER_SECURITY_MODE,
            BulkImportColumnType.LWM2M_BOOTSTRAP_SERVER_PUBLIC_KEY_OR_ID,
            BulkImportColumnType.LWM2M_BOOTSTRAP_SERVER_SECRET_KEY));
    ObjectNode lwm2mServer = nodeFrom(fields, Set.of(
            BulkImportColumnType.LWM2M_SERVER_SECURITY_MODE,
            BulkImportColumnType.LWM2M_SERVER_CLIENT_PUBLIC_KEY_OR_ID,
            BulkImportColumnType.LWM2M_SERVER_CLIENT_SECRET_KEY));
    ObjectNode bootstrap = JacksonUtil.newObjectNode();
    bootstrap.set("bootstrapServer", bootstrapServer);
    bootstrap.set("lwm2mServer", lwm2mServer);

    ObjectNode lwm2mCredentials = JacksonUtil.newObjectNode();
    lwm2mCredentials.set("client", JacksonUtil.valueToTree(typedClient));
    lwm2mCredentials.set("bootstrap", bootstrap);
    credentials.setCredentialsValue(lwm2mCredentials.toString());
}

/** Rejects a security-mode column value that does not name an {@link LwM2MSecurityMode}. */
private static void requireKnownSecurityMode(String mode) {
    try {
        LwM2MSecurityMode.valueOf(mode.toUpperCase());
    } catch (IllegalArgumentException e) {
        throw new DeviceCredentialsValidationException("Unknown LwM2M security mode: " + mode + ", (the mode should be: NO_SEC, PSK, RPK, X509)!");
    }
}

/** Builds a JSON object node holding the given columns of the row (via {@code setValues}). */
private ObjectNode nodeFrom(Map<BulkImportColumnType, String> fields, Set<BulkImportColumnType> columns) {
    ObjectNode node = JacksonUtil.newObjectNode();
    setValues(node, fields, columns);
    return node;
}
Also used : ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) LwM2MClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)

Example 3 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

Class DeviceCredentialsServiceImpl, method formatSimpleMqttCredentials.

/**
 * Validates simple MQTT credentials and derives the lookup id ({@code credentialsId}) from them.
 * <p>
 * The credentials id is the plain user name when no client id is given, the SHA3 hash of the
 * client id when no user name is given, and the SHA3 hash of {@code clientId|userName} when both
 * are present. The credentials value is re-serialised from the parsed object, so only the fields
 * of {@link BasicMqttCredentials} survive.
 *
 * @param deviceCredentials credentials whose value is parsed; id and value are rewritten in place
 * @throws DeviceCredentialsValidationException if the body cannot be parsed, if both client id and
 *         user name are empty, or if a password is given with a client id but no user name
 */
private void formatSimpleMqttCredentials(DeviceCredentials deviceCredentials) {
    BasicMqttCredentials mqtt = parseBasicMqttCredentials(deviceCredentials.getCredentialsValue());
    String clientId = mqtt.getClientId();
    String userName = mqtt.getUserName();

    if (StringUtils.isEmpty(clientId) && StringUtils.isEmpty(userName)) {
        throw new DeviceCredentialsValidationException("Both mqtt client id and user name are empty!");
    }
    // A password only makes sense together with a user name.
    if (StringUtils.isNotEmpty(clientId) && StringUtils.isNotEmpty(mqtt.getPassword()) && StringUtils.isEmpty(userName)) {
        throw new DeviceCredentialsValidationException("Password cannot be specified along with client id");
    }

    deviceCredentials.setCredentialsId(mqttCredentialsId(clientId, userName));

    if (StringUtils.isNotEmpty(mqtt.getPassword())) {
        // Writes the password back unchanged: as written this is a no-op, so the password is stored in
        // the credentials value exactly as it arrived. NOTE(review): looks like a placeholder for a
        // transformation that was never wired in — confirm the intended storage form.
        mqtt.setPassword(mqtt.getPassword());
    }
    deviceCredentials.setCredentialsValue(JacksonUtil.toString(mqtt));
}

/** Parses the JSON body; a parse error or an empty result is reported as a validation error. */
private static BasicMqttCredentials parseBasicMqttCredentials(String credentialsValue) {
    BasicMqttCredentials parsed;
    try {
        parsed = JacksonUtil.fromString(credentialsValue, BasicMqttCredentials.class);
    } catch (IllegalArgumentException e) {
        throw new DeviceCredentialsValidationException("Invalid credentials body for simple mqtt credentials!");
    }
    if (parsed == null) {
        throw new DeviceCredentialsValidationException("Invalid credentials body for simple mqtt credentials!");
    }
    return parsed;
}

/** Derives the credentials id; at least one of the two arguments is expected to be non-empty. */
private static String mqttCredentialsId(String clientId, String userName) {
    if (StringUtils.isEmpty(clientId)) {
        return userName;
    }
    if (StringUtils.isEmpty(userName)) {
        return EncryptionUtil.getSha3Hash(clientId);
    }
    return EncryptionUtil.getSha3Hash("|", clientId, userName);
}
Also used : BasicMqttCredentials(org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)

Example 4 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

Class DeviceCredentialsServiceImpl, method validateServerCredentials.

/**
 * Validates one LwM2M bootstrap client credential according to its security mode.
 * <p>
 * For RPK and X509 the key material is trimmed of newlines and written back to the credential
 * object, then decoded to confirm its format. Modes other than the four handled here pass
 * through without any check (there is no default branch).
 *
 * @param serverCredentials credential to check; its concrete type must match its security mode,
 *                          otherwise the cast fails with a ClassCastException
 * @param server            human-readable server name used as the prefix of every error message
 * @throws DeviceCredentialsValidationException if a required value is missing or malformed
 */
private void validateServerCredentials(LwM2MBootstrapClientCredential serverCredentials, String server) {
    switch (serverCredentials.getSecurityMode()) {
        case NO_SEC:
            break;
        case PSK:
            validatePskClientCredential((PSKBootstrapClientCredential) serverCredentials, server);
            break;
        case RPK:
            validateRpkClientCredential((RPKBootstrapClientCredential) serverCredentials, server);
            break;
        case X509:
            validateX509ClientCredential((X509BootstrapClientCredential) serverCredentials, server);
            break;
    }
}

/** PSK: identity must be present and not the literal "NO_SEC"; key must be hex of a length accepted below. */
private static void validatePskClientCredential(PSKBootstrapClientCredential psk, String server) {
    String identity = psk.getClientPublicKeyOrId();
    if (StringUtils.isBlank(identity)) {
        throw new DeviceCredentialsValidationException(server + " client PSK public key or id must be specified and must be an utf8 string!");
    }
    // The literal mode name "NO_SEC" is reserved and may not be used as a PSK identity.
    if (identity.equals(SecurityMode.NO_SEC.toString())) {
        throw new DeviceCredentialsValidationException(server + " client PSK public key or id must not be '" + SecurityMode.NO_SEC + "'!");
    }
    String key = psk.getClientSecretKey();
    if (StringUtils.isBlank(key)) {
        throw new DeviceCredentialsValidationException(server + " client PSK key must be specified!");
    }
    // NOTE(review): the pattern tolerates one leading '-' and that character counts toward the length
    // check below, so a 32-character value may hold only 31 hex digits — confirm this is intended.
    if (!key.matches("-?[0-9a-fA-F]+")) {
        throw new DeviceCredentialsValidationException(server + " client PSK key must be random sequence in hex encoding!");
    }
    // Accepts any multiple of 32 up to 128 (i.e. 32, 64, 96, 128) although the message names only 32, 64, 128.
    if (key.length() % 32 != 0 || key.length() > 128) {
        throw new DeviceCredentialsValidationException(server + " client PSK key length = " + key.length() + ". Key must be HexDec format: 32, 64, 128 characters!");
    }
}

/** RPK: public key and secret key must be present and decode after newline trimming. */
private static void validateRpkClientCredential(RPKBootstrapClientCredential rpk, String server) {
    if (StringUtils.isEmpty(rpk.getClientPublicKeyOrId())) {
        throw new DeviceCredentialsValidationException(server + " client RPK public key or id must be specified!");
    }
    try {
        rpk.setClientPublicKeyOrId(EncryptionUtil.pubkTrimNewLines(rpk.getClientPublicKeyOrId()));
        SecurityUtil.publicKey.decode(rpk.getDecodedClientPublicKeyOrId());
    } catch (Exception e) {
        // Decode failure of any kind is reported as a format error; the cause is not attached.
        throw new DeviceCredentialsValidationException(server + " client RPK public key or id must be in standard [RFC7250 ] and then encoded to Base64 format!");
    }
    if (StringUtils.isEmpty(rpk.getClientSecretKey())) {
        throw new DeviceCredentialsValidationException(server + " client RPK secret key must be specified!");
    }
    try {
        rpk.setClientSecretKey(EncryptionUtil.prikTrimNewLines(rpk.getClientSecretKey()));
        SecurityUtil.privateKey.decode(rpk.getDecodedClientSecretKey());
    } catch (Exception e) {
        throw new DeviceCredentialsValidationException(server + " client RPK secret key must be in PKCS#8 format (DER encoding, standard [RFC5958]) and then encoded to Base64 format!");
    }
}

/** X509: certificate and secret key must be present and decode after newline trimming. */
private static void validateX509ClientCredential(X509BootstrapClientCredential x509, String server) {
    if (StringUtils.isBlank(x509.getClientPublicKeyOrId())) {
        throw new DeviceCredentialsValidationException(server + " client X509 public key or id must be specified!");
    }
    try {
        x509.setClientPublicKeyOrId(EncryptionUtil.certTrimNewLines(x509.getClientPublicKeyOrId()));
        SecurityUtil.certificate.decode(x509.getDecodedClientPublicKeyOrId());
    } catch (Exception e) {
        // Decode failure of any kind is reported as a format error; the cause is not attached.
        throw new DeviceCredentialsValidationException(server + " client X509 public key or id must be in DER-encoded X509v3 format  and support only EC algorithm and then encoded to Base64 format!");
    }
    if (StringUtils.isBlank(x509.getClientSecretKey())) {
        throw new DeviceCredentialsValidationException(server + " client X509 secret key must be specified!");
    }
    try {
        x509.setClientSecretKey(EncryptionUtil.prikTrimNewLines(x509.getClientSecretKey()));
        SecurityUtil.privateKey.decode(x509.getDecodedClientSecretKey());
    } catch (Exception e) {
        throw new DeviceCredentialsValidationException(server + " client X509 secret key must be in PKCS#8 format (DER encoding, standard [RFC5958]) and then encoded to Base64 format!");
    }
}
Also used : RPKBootstrapClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.RPKBootstrapClientCredential) Validator.validateString(org.thingsboard.server.dao.service.Validator.validateString) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) PSKBootstrapClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.PSKBootstrapClientCredential) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) ConstraintViolationException(org.hibernate.exception.ConstraintViolationException) DataValidationException(org.thingsboard.server.dao.exception.DataValidationException) X509BootstrapClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.X509BootstrapClientCredential)

Example 5 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

Class DeviceProfileDataValidator, method validateLwm2mServersCredentialOfBootstrapForClient.

/**
 * Validates the server-side public key of one bootstrap-server entry in a device profile.
 * <p>
 * Only RPK and X509 carry a server public key; NO_SEC and PSK need no check here. For the two
 * checked modes the key is trimmed of newlines, written back, and decoded to confirm its format.
 * Modes other than the four listed pass through unchecked (there is no default branch).
 *
 * @param bootstrapServerConfig entry to check; its concrete type must match its security mode,
 *                              otherwise the cast fails with a ClassCastException
 * @throws DeviceCredentialsValidationException if the key is missing or does not decode
 */
private void validateLwm2mServersCredentialOfBootstrapForClient(LwM2MBootstrapServerCredential bootstrapServerConfig) {
    switch (bootstrapServerConfig.getSecurityMode()) {
        case NO_SEC:
        case PSK:
            break;
        case RPK:
            validateRpkServerPublicKey((RPKLwM2MBootstrapServerCredential) bootstrapServerConfig);
            break;
        case X509:
            validateX509ServerCertificate((X509LwM2MBootstrapServerCredential) bootstrapServerConfig);
            break;
    }
}

/** Name used in error messages, chosen by which server the entry describes. */
private static String serverLabel(boolean bootstrapServer) {
    return bootstrapServer ? "Bootstrap Server" : "LwM2M Server";
}

/** RPK: the server public key must be present and decode after newline trimming. */
private static void validateRpkServerPublicKey(RPKLwM2MBootstrapServerCredential rpk) {
    String server = serverLabel(rpk.isBootstrapServerIs());
    if (StringUtils.isEmpty(rpk.getServerPublicKey())) {
        throw new DeviceCredentialsValidationException(server + " RPK public key must be specified!");
    }
    try {
        rpk.setServerPublicKey(EncryptionUtil.pubkTrimNewLines(rpk.getServerPublicKey()));
        SecurityUtil.publicKey.decode(rpk.getDecodedCServerPublicKey());
    } catch (Exception e) {
        // Decode failure of any kind is reported as a format error; the cause is not attached.
        throw new DeviceCredentialsValidationException(server + " RPK public key must be in standard [RFC7250] and then encoded to Base64 format!");
    }
}

/** X509: the server certificate must be present and decode after newline trimming. */
private static void validateX509ServerCertificate(X509LwM2MBootstrapServerCredential x509) {
    String server = serverLabel(x509.isBootstrapServerIs());
    if (StringUtils.isEmpty(x509.getServerPublicKey())) {
        throw new DeviceCredentialsValidationException(server + " X509 certificate must be specified!");
    }
    try {
        x509.setServerPublicKey(EncryptionUtil.certTrimNewLines(x509.getServerPublicKey()));
        SecurityUtil.certificate.decode(x509.getDecodedCServerPublicKey());
    } catch (Exception e) {
        // Decode failure of any kind is reported as a format error; the cause is not attached.
        throw new DeviceCredentialsValidationException(server + " X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
    }
}
Also used : X509LwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.X509LwM2MBootstrapServerCredential) RPKLwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.RPKLwM2MBootstrapServerCredential) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) DataValidationException(org.thingsboard.server.dao.exception.DataValidationException)

Aggregations

DeviceCredentialsValidationException (org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)9 LwM2MClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential)3 DataValidationException (org.thingsboard.server.dao.exception.DataValidationException)3 Validator.validateString (org.thingsboard.server.dao.service.Validator.validateString)3 ConstraintViolationException (org.hibernate.exception.ConstraintViolationException)2 X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)2 RPKLwM2MBootstrapServerCredential (org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.RPKLwM2MBootstrapServerCredential)2 X509LwM2MBootstrapServerCredential (org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.X509LwM2MBootstrapServerCredential)2 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 HashSet (java.util.HashSet)1 DeviceProfile (org.thingsboard.server.common.data.DeviceProfile)1 BasicMqttCredentials (org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials)1 LwM2MBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredential)1 LwM2MBootstrapClientCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredentials)1 LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials)1 PSKBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKBootstrapClientCredential)1 PSKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential)1 RPKBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKBootstrapClientCredential)1 RPKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential)1 X509BootstrapClientCredential 
(org.thingsboard.server.common.data.device.credentials.lwm2m.X509BootstrapClientCredential)1