
Example 6 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

the class DeviceProfileDataValidator method validateLwm2mServersConfigOfBootstrapForClient.

/**
 * Checks every server entry of a client's LwM2M bootstrap configuration and rejects the
 * configuration with a {@link DeviceCredentialsValidationException} on the first violation.
 *
 * <p>Per entry, in this order:
 * <ol>
 *   <li>a Bootstrap Server entry is refused while bootstrap-server updates are disabled;</li>
 *   <li>the short server id must lie in 1..65534;</li>
 *   <li>the short server id must be unique within the list;</li>
 *   <li>the "host:port" pair must be unique within the list;</li>
 *   <li>the port must equal the fixed value derived from the entry's role and security mode
 *       (NO_SEC: 5687 bootstrap / 5685 LwM2M; any other mode: 5688 bootstrap / 5686 LwM2M).</li>
 * </ol>
 *
 * <p>NO_SEC entries are accepted as long as they use the NO_SEC port; whether a profile may carry
 * unsecured servers at all is not decided in this method.
 *
 * @param lwM2MBootstrapServersConfigurations server entries to check; each element is cast to
 *        {@link AbstractLwM2MBootstrapServerCredential}
 * @param isBootstrapServerUpdateEnable whether Bootstrap Server entries are allowed in the list
 * @throws DeviceCredentialsValidationException on the first entry that breaks one of the rules
 */
private void validateLwm2mServersConfigOfBootstrapForClient(List<LwM2MBootstrapServerCredential> lwM2MBootstrapServersConfigurations, boolean isBootstrapServerUpdateEnable) {
    Set<Integer> seenShortServerIds = new HashSet<>();
    Set<String> seenHostPorts = new HashSet<>();
    for (LwM2MBootstrapServerCredential entry : lwM2MBootstrapServersConfigurations) {
        AbstractLwM2MBootstrapServerCredential cfg = (AbstractLwM2MBootstrapServerCredential) entry;
        boolean bootstrapEntry = cfg.isBootstrapServerIs();
        if (bootstrapEntry && !isBootstrapServerUpdateEnable) {
            throw new DeviceCredentialsValidationException("Bootstrap config must not include \"Bootstrap Server\". \"Include Bootstrap Server updates\" is " + isBootstrapServerUpdateEnable + ".");
        }

        // Prefix for the messages below. Only the LwM2M Server variant carries the short server id;
        // the Bootstrap Server variant is the bare role name.
        // NOTE(review): this mirrors the operator precedence of the original one-line conditional —
        // confirm the asymmetry is intended.
        String label;
        if (bootstrapEntry) {
            label = "Bootstrap Server";
        } else {
            label = "LwM2M Server" + " shortServerId: " + cfg.getShortServerId() + ":";
        }

        boolean idInRange = cfg.getShortServerId() >= 1 && cfg.getShortServerId() <= 65534;
        if (!idInRange) {
            throw new DeviceCredentialsValidationException(label + " ShortServerId must not be less than 1 and more than 65534!");
        }

        // Set.add returns false when the value is already present, i.e. a duplicate in this list.
        boolean idIsNew = seenShortServerIds.add(cfg.getShortServerId());
        if (!idIsNew) {
            throw new DeviceCredentialsValidationException(label + " \"Short server Id\" value = " + cfg.getShortServerId() + ". This value must be a unique value for all servers!");
        }

        String hostPort = cfg.getHost() + ":" + cfg.getPort();
        if (!seenHostPorts.add(hostPort)) {
            throw new DeviceCredentialsValidationException(label + " \"Host + port\" value = " + hostPort + ". This value must be a unique value for all servers!");
        }

        // Constant-first equals keeps this comparison safe when the security mode is null.
        boolean noSec = LwM2MSecurityMode.NO_SEC.equals(cfg.getSecurityMode());
        int requiredPort = noSec
                ? (bootstrapEntry ? 5687 : 5685)
                : (bootstrapEntry ? 5688 : 5686);

        boolean portMatches = cfg.getPort() != null && cfg.getPort().intValue() == requiredPort;
        if (!portMatches) {
            // NOTE(review): getSecurityMode() is dereferenced here without a null check, unlike the
            // comparison above — confirm a null mode cannot reach this point.
            throw new DeviceCredentialsValidationException(label + " \"Port\" value = " + cfg.getPort() + ". This value for security " + cfg.getSecurityMode().name() + " must be " + requiredPort + "!");
        }
    }
}
Also used : AbstractLwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.AbstractLwM2MBootstrapServerCredential) RPKLwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.RPKLwM2MBootstrapServerCredential) LwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.LwM2MBootstrapServerCredential) X509LwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.X509LwM2MBootstrapServerCredential) AbstractLwM2MBootstrapServerCredential(org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.AbstractLwM2MBootstrapServerCredential) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) HashSet(java.util.HashSet)

Example 7 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

the class DeviceCredentialsServiceImpl method formatAndValidateSimpleLwm2mCredentials.

/**
 * Parses the LwM2M credentials JSON held in {@code deviceCredentials}, validates it with
 * {@code validateLwM2MDeviceCredentials}, and sets the credentials id from the client section.
 *
 * <p>The credentials id is chosen by the client's security mode:
 * <ul>
 *   <li>NO_SEC, RPK: the client endpoint;</li>
 *   <li>PSK: the PSK identity;</li>
 *   <li>X509: the value of {@code EncryptionUtil.getSha3Hash} over the certificate when one is
 *       present, otherwise the client endpoint.</li>
 * </ul>
 * For NO_SEC, RPK and X509 the credentials value is also rewritten from the parsed object; for
 * PSK it is left as received.
 *
 * <p>The credentials value carries the client's key material (for example the PSK key), so it
 * should be kept out of logs and error messages.
 *
 * @param deviceCredentials credentials whose value is read and whose id (and, for some modes,
 *        value) is updated in place
 * @throws DeviceCredentialsValidationException if parsing or validation throws
 *         {@link IllegalArgumentException}, or if no credentials id could be determined
 */
private void formatAndValidateSimpleLwm2mCredentials(DeviceCredentials deviceCredentials) {
    LwM2MDeviceCredentials parsed;
    try {
        parsed = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(), LwM2MDeviceCredentials.class);
        validateLwM2MDeviceCredentials(parsed);
    } catch (IllegalArgumentException e) {
        // The caller only sees a generic message; the underlying cause is not chained.
        throw new DeviceCredentialsValidationException("Invalid credentials body for LwM2M credentials!");
    }

    LwM2MClientCredential client = parsed.getClient();
    String resolvedId = null;
    switch (client.getSecurityConfigClientMode()) {
        case PSK:
            resolvedId = ((PSKClientCredential) client).getIdentity();
            break;
        case X509:
            deviceCredentials.setCredentialsValue(JacksonUtil.toString(parsed));
            X509ClientCredential x509 = (X509ClientCredential) client;
            // With a certificate the id is derived from it; without one the endpoint is used.
            resolvedId = StringUtils.isNotBlank(x509.getCert())
                    ? EncryptionUtil.getSha3Hash(x509.getCert())
                    : x509.getEndpoint();
            break;
        case NO_SEC:
        case RPK:
            deviceCredentials.setCredentialsValue(JacksonUtil.toString(parsed));
            resolvedId = client.getEndpoint();
            break;
        default:
            // Any mode not listed above leaves the id unset and is rejected below.
            break;
    }

    if (resolvedId == null) {
        throw new DeviceCredentialsValidationException("Invalid credentials body for LwM2M credentials!");
    }
    deviceCredentials.setCredentialsId(resolvedId);
}
Also used : LwM2MDeviceCredentials(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials) LwM2MClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential) Validator.validateString(org.thingsboard.server.dao.service.Validator.validateString) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) X509ClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)

Example 8 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

the class DeviceCredentialsServiceImpl method validateLwM2MClientCredentials.

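/**
 * Validates the client section of LwM2M device credentials according to its security mode.
 *
 * <p>The endpoint must be non-blank in every mode. In addition:
 * <ul>
 *   <li>NO_SEC: nothing further is checked;</li>
 *   <li>PSK: the identity must be non-blank and must not equal {@code SecurityMode.NO_SEC}'s
 *       string form; the key must be non-blank, consist of hex digits only, and have a length
 *       that is a multiple of 32 and at most 128 characters;</li>
 *   <li>RPK: the key must be non-blank and must decode with {@code SecurityUtil.publicKey};</li>
 *   <li>X509: a certificate, when present, must decode with {@code SecurityUtil.certificate};
 *       a missing certificate is accepted by this method.</li>
 * </ul>
 *
 * <p>Side effect: for RPK and X509 the key / certificate is replaced on the passed object by the
 * result of {@code EncryptionUtil.pubkTrimNewLines} / {@code EncryptionUtil.certTrimNewLines}
 * before decoding.
 *
 * @param clientCredentials client credentials to check; must not be null
 * @throws DeviceCredentialsValidationException on the first rule that is violated
 */
private void validateLwM2MClientCredentials(LwM2MClientCredential clientCredentials) {
    if (StringUtils.isBlank(clientCredentials.getEndpoint())) {
        throw new DeviceCredentialsValidationException("LwM2M client endpoint must be specified!");
    }
    switch (clientCredentials.getSecurityConfigClientMode()) {
        case NO_SEC:
            // No key material to validate in this mode.
            break;
        case PSK:
            PSKClientCredential pskCredentials = (PSKClientCredential) clientCredentials;
            if (StringUtils.isBlank(pskCredentials.getIdentity())) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK identity must be specified and must be an utf8 string!");
            }
            // The literal "NO_SEC" is refused as a PSK identity.
            // NOTE(review): presumably that value is reserved for unsecured clients — confirm.
            if (pskCredentials.getIdentity().equals(SecurityMode.NO_SEC.toString())) {
                throw new DeviceCredentialsValidationException("The PSK ID of the LwM2M client must not be '" + SecurityMode.NO_SEC + "'!");
            }
            String pskKey = pskCredentials.getKey();
            if (StringUtils.isBlank(pskKey)) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be specified!");
            }
            // Hex digits only. The previous pattern "-?[0-9a-fA-F]+" also let a leading '-' through,
            // so a key that is not valid hex could pass validation and be stored.
            if (!pskKey.matches("[0-9a-fA-F]+")) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key must be random sequence in hex encoding!");
            }
            // Accepts 32, 64, 96 or 128 characters.
            // NOTE(review): the message lists only 32, 64 and 128 — confirm whether 96 is intended.
            if (pskKey.length() % 32 != 0 || pskKey.length() > 128) {
                throw new DeviceCredentialsValidationException("LwM2M client PSK key length = " + pskKey.length() + ". Key must be HexDec format: 32, 64, 128 characters!");
            }
            break;
        case RPK:
            RPKClientCredential rpkCredentials = (RPKClientCredential) clientCredentials;
            if (StringUtils.isBlank(rpkCredentials.getKey())) {
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be specified!");
            }
            try {
                // Normalise the stored key first, then prove it decodes as a public key.
                String pubkClient = EncryptionUtil.pubkTrimNewLines(rpkCredentials.getKey());
                rpkCredentials.setKey(pubkClient);
                SecurityUtil.publicKey.decode(rpkCredentials.getDecoded());
            } catch (Exception e) {
                // Any failure while trimming or decoding is reported as a format error; the cause
                // is not chained.
                throw new DeviceCredentialsValidationException("LwM2M client RPK key must be in standard [RFC7250] and support only EC algorithm and then encoded to Base64 format!");
            }
            break;
        case X509:
            X509ClientCredential x509CCredentials = (X509ClientCredential) clientCredentials;
            // The certificate is optional here: an empty value skips the decode check entirely.
            if (StringUtils.isNotEmpty(x509CCredentials.getCert())) {
                try {
                    String certClient = EncryptionUtil.certTrimNewLines(x509CCredentials.getCert());
                    x509CCredentials.setCert(certClient);
                    SecurityUtil.certificate.decode(x509CCredentials.getDecoded());
                } catch (Exception e) {
                    throw new DeviceCredentialsValidationException("LwM2M client X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
                }
            }
            break;
    }
}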
Also used : PSKClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential) Validator.validateString(org.thingsboard.server.dao.service.Validator.validateString) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) ConstraintViolationException(org.hibernate.exception.ConstraintViolationException) DataValidationException(org.thingsboard.server.dao.exception.DataValidationException) RPKClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential) X509ClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)

Example 9 with DeviceCredentialsValidationException

use of org.thingsboard.server.dao.exception.DeviceCredentialsValidationException in project thingsboard by thingsboard.

the class DeviceCredentialsServiceImpl method validateLwM2MDeviceCredentials.

/**
 * Verifies that LwM2M device credentials contain every required section and validates each one.
 *
 * <p>Checked in order: the credentials object itself, its client section (then validated with
 * {@code validateLwM2MClientCredentials}), its bootstrap section, the bootstrap-server
 * credentials inside it and the LwM2M-server credentials inside it (the last two each validated
 * with {@code validateServerCredentials}). The first missing or invalid part ends the check.
 *
 * @param lwM2MCredentials parsed LwM2M device credentials; {@code null} is rejected
 * @throws DeviceCredentialsValidationException if a required section is {@code null}, or if one
 *         of the delegated validations rejects its section
 */
private void validateLwM2MDeviceCredentials(LwM2MDeviceCredentials lwM2MCredentials) {
    if (lwM2MCredentials == null) {
        throw new DeviceCredentialsValidationException("LwM2M credentials must be specified!");
    }

    // Client section.
    LwM2MClientCredential client = lwM2MCredentials.getClient();
    if (client == null) {
        throw new DeviceCredentialsValidationException("LwM2M client credentials must be specified!");
    }
    validateLwM2MClientCredentials(client);

    // Bootstrap section: container first, then the two server entries it holds.
    LwM2MBootstrapClientCredentials bootstrapSection = lwM2MCredentials.getBootstrap();
    if (bootstrapSection == null) {
        throw new DeviceCredentialsValidationException("LwM2M bootstrap credentials must be specified!");
    }

    LwM2MBootstrapClientCredential bootstrapServer = bootstrapSection.getBootstrapServer();
    if (bootstrapServer == null) {
        throw new DeviceCredentialsValidationException("LwM2M bootstrap server credentials must be specified!");
    }
    validateServerCredentials(bootstrapServer, "Bootstrap server");

    LwM2MBootstrapClientCredential lwm2mServer = bootstrapSection.getLwm2mServer();
    if (lwm2mServer == null) {
        throw new DeviceCredentialsValidationException("LwM2M lwm2m server credentials must be specified!");
    }
    validateServerCredentials(lwm2mServer, "LwM2M server");
}
Also used : LwM2MClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential) LwM2MBootstrapClientCredential(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredential) DeviceCredentialsValidationException(org.thingsboard.server.dao.exception.DeviceCredentialsValidationException) LwM2MBootstrapClientCredentials(org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredentials)

Aggregations

DeviceCredentialsValidationException (org.thingsboard.server.dao.exception.DeviceCredentialsValidationException)9 LwM2MClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential)3 DataValidationException (org.thingsboard.server.dao.exception.DataValidationException)3 Validator.validateString (org.thingsboard.server.dao.service.Validator.validateString)3 ConstraintViolationException (org.hibernate.exception.ConstraintViolationException)2 X509ClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential)2 RPKLwM2MBootstrapServerCredential (org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.RPKLwM2MBootstrapServerCredential)2 X509LwM2MBootstrapServerCredential (org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.X509LwM2MBootstrapServerCredential)2 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 HashSet (java.util.HashSet)1 DeviceProfile (org.thingsboard.server.common.data.DeviceProfile)1 BasicMqttCredentials (org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials)1 LwM2MBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredential)1 LwM2MBootstrapClientCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MBootstrapClientCredentials)1 LwM2MDeviceCredentials (org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials)1 PSKBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKBootstrapClientCredential)1 PSKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential)1 RPKBootstrapClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKBootstrapClientCredential)1 RPKClientCredential (org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential)1 X509BootstrapClientCredential 
(org.thingsboard.server.common.data.device.credentials.lwm2m.X509BootstrapClientCredential)1