/** * Create californium endpoint context from leshan identity. * * @param identity leshan identity received on last registration. * @return californium endpoint context for leshan identity */ public static EndpointContext extractContext(Identity identity) { Principal peerIdentity = null; if (identity != null) { if (identity.isPSK()) { peerIdentity = new PreSharedKeyIdentity(identity.getPskIdentity()); } else if (identity.isRPK()) { peerIdentity = new RawPublicKeyIdentity(identity.getRawPublicKey()); } else if (identity.isX509()) { /* simplify distinguished name to CN= part */ peerIdentity = new X500Principal("CN=" + identity.getX509CommonName()); } } return new AddressEndpointContext(identity.getPeerAddress(), peerIdentity); }
public String getUri() { StringBuilder uri = new StringBuilder(); if (identity.isSecure()) uri.append("coaps://"); else uri.append("coap://"); uri.append(identity.getPeerAddress().getAddress().getHostAddress()); uri.append(":"); uri.append(identity.getPeerAddress().getPort()); return uri.toString(); } }
public static Identity extractIdentity(EndpointContext context) { InetSocketAddress peerAddress = context.getPeerAddress(); Principal senderIdentity = context.getPeerIdentity(); if (senderIdentity != null) { if (senderIdentity instanceof PreSharedKeyIdentity) { return Identity.psk(peerAddress, ((PreSharedKeyIdentity) senderIdentity).getIdentity()); } else if (senderIdentity instanceof RawPublicKeyIdentity) { PublicKey publicKey = ((RawPublicKeyIdentity) senderIdentity).getKey(); return Identity.rpk(peerAddress, publicKey); } else if (senderIdentity instanceof X500Principal || senderIdentity instanceof X509CertPath) { // Extract common name String x509CommonName = extractCN(senderIdentity.getName()); return Identity.x509(peerAddress, x509CommonName); } throw new IllegalStateException("Unable to extract sender identity : unexpected type of Principal"); } return Identity.unsecure(peerAddress); }
/** * Gets the client's network socket address. * * @return the source address from the client's most recent CoAP message. */ public InetSocketAddress getSocketAddress() { return identity.getPeerAddress(); }
/** * Return true if any of the securityInfos is valid for the given endpoint and client identity. * * @see #checkSecurityInfo(String, Identity, SecurityInfo) * * @param endpoint * @param clientIdentity * @param securityInfos * */ public boolean checkSecurityInfos(String endpoint, Identity clientIdentity, List<SecurityInfo> securityInfos) { // if this is a secure end-point, we must check that the registering client is using the right identity. if (clientIdentity.isSecure()) { if (securityInfos == null || securityInfos.isEmpty()) { LOG.debug("Client '{}' without security info try to connect through the secure endpoint", endpoint); return false; } else { for (SecurityInfo securityInfo : securityInfos) { if (checkSecurityInfo(endpoint, clientIdentity, securityInfo)) { return true; } } return false; } } else if (securityInfos != null && !securityInfos.isEmpty()) { LOG.debug("Client '{}' must connect using DTLS", endpoint); return false; } return true; }
protected boolean checkX509Identity(String endpoint, Identity clientIdentity, SecurityInfo securityInfo) { // Manage X509 certificate authentication // ---------------------------------------------------- if (!securityInfo.useX509Cert()) { LOG.debug("Client '{}' is not supposed to use X509 certificate to authenticate", endpoint); return false; } if (!matchX509Identity(endpoint, clientIdentity.getX509CommonName(), endpoint)) { return false; } LOG.trace("authenticated client '{}' using DTLS X509 certificates", endpoint); return true; }
protected boolean checkPskIdentity(String endpoint, Identity clientIdentity, SecurityInfo securityInfo) { // Manage PSK authentication // ---------------------------------------------------- if (!securityInfo.usePSK()) { LOG.debug("Client '{}' is not supposed to use PSK to authenticate", endpoint); return false; } if (!matchPskIdentity(endpoint, clientIdentity.getPskIdentity(), securityInfo.getIdentity())) { return false; } LOG.trace("Authenticated client '{}' using DTLS PSK", endpoint); return true; }
protected boolean checkRpkIdentity(String endpoint, Identity clientIdentity, SecurityInfo securityInfo) { // Manage RPK authentication // ---------------------------------------------------- if (!securityInfo.useRPK()) { LOG.debug("Client '{}' is not supposed to use RPK to authenticate", endpoint); return false; } if (!matchRpkIdenity(endpoint, clientIdentity.getRawPublicKey(), securityInfo.getRawPublicKey())) { return false; } LOG.trace("authenticated client '{}' using DTLS RPK", endpoint); return true; }
public static Identity deserialize(JsonObject peer) { String address = peer.get(KEY_ADDRESS).asString(); int port = peer.get(KEY_PORT).asInt(); JsonValue jpsk = peer.get(KEY_ID); if (jpsk != null) { return Identity.psk(new InetSocketAddress(address, port), jpsk.asString()); } JsonValue jrpk = peer.get(KEY_RPK); if (jrpk != null) { try { byte[] rpk = Hex.decodeHex(jrpk.asString().toCharArray()); X509EncodedKeySpec spec = new X509EncodedKeySpec(rpk); PublicKey publicKey = KeyFactory.getInstance("EC").generatePublic(spec); return Identity.rpk(new InetSocketAddress(address, port), publicKey); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { throw new IllegalStateException("Invalid security info content", e); } } JsonValue jcn = peer.get(KEY_CN); if (jcn != null) { return Identity.x509(new InetSocketAddress(address, port), jcn.asString()); } return Identity.unsecure(new InetSocketAddress(address, port)); } }
/** * Gets the client's network port number. * * @return the source port from the client's most recent CoAP message. */ public int getPort() { return identity.getPeerAddress().getPort(); }
@Override public JsonElement serialize(Registration src, Type typeOfSrc, JsonSerializationContext context) { JsonObject element = new JsonObject(); element.addProperty("endpoint", src.getEndpoint()); element.addProperty("registrationId", src.getId()); element.add("registrationDate", context.serialize(src.getRegistrationDate())); element.add("lastUpdate", context.serialize(src.getLastUpdate())); element.addProperty("address", src.getAddress().getHostAddress() + ":" + src.getPort()); element.addProperty("smsNumber", src.getSmsNumber()); element.addProperty("lwM2mVersion", src.getLwM2mVersion()); element.addProperty("lifetime", src.getLifeTimeInSec()); element.addProperty("bindingMode", src.getBindingMode().toString()); element.add("rootPath", context.serialize(src.getRootPath())); element.add("objectLinks", context.serialize(src.getSortedObjectLinks())); element.add("secure", context.serialize(src.getIdentity().isSecure())); element.add("additionalRegistrationAttributes", context.serialize(src.getAdditionalRegistrationAttributes())); if (src.usesQueueMode()) { element.add("sleeping", context.serialize(!presenceService.isClientAwake(src))); } return element; } }
public static JsonObject serialize(Identity identity) { JsonObject o = Json.object(); o.set(KEY_ADDRESS, identity.getPeerAddress().getHostString()); o.set(KEY_PORT, identity.getPeerAddress().getPort()); if (identity.isPSK()) { o.set(KEY_ID, identity.getPskIdentity()); } else if (identity.isRPK()) { PublicKey publicKey = identity.getRawPublicKey(); o.set(KEY_RPK, Hex.encodeHexString(publicKey.getEncoded())); } else if (identity.isX509()) { o.set(KEY_CN, identity.getX509CommonName()); } return o; }
public static Identity deserialize(JsonObject peer) { String address = peer.get(KEY_ADDRESS).asString(); int port = peer.get(KEY_PORT).asInt(); JsonValue jpsk = peer.get(KEY_ID); if (jpsk != null) { return Identity.psk(new InetSocketAddress(address, port), jpsk.asString()); } JsonValue jrpk = peer.get(KEY_RPK); if (jrpk != null) { try { byte[] rpk = Hex.decodeHex(jrpk.asString().toCharArray()); X509EncodedKeySpec spec = new X509EncodedKeySpec(rpk); PublicKey publicKey = KeyFactory.getInstance("EC").generatePublic(spec); return Identity.rpk(new InetSocketAddress(address, port), publicKey); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { throw new IllegalStateException("Invalid security info content", e); } } JsonValue jcn = peer.get(KEY_CN); if (jcn != null) { return Identity.x509(new InetSocketAddress(address, port), jcn.asString()); } return Identity.unsecure(new InetSocketAddress(address, port)); } }
/** * Gets the client's network address. * * @return the source address from the client's most recent CoAP message. */ public InetAddress getAddress() { return identity.getPeerAddress().getAddress(); }
DeregisterResponse response = sender.send(server.getIdentity().getPeerAddress(), server.getIdentity().isSecure(), new DeregisterRequest(registrationID), DEREGISTRATION_TIMEOUT); if (response == null) { registrationID = null;
@Override public T buildResponse(Response coapResponse) { // TODO we need to fix that by removing the Client dependency from LwM2MResponseBuilder or by creating a // LwM2mBootstrapResponseBuilder Registration registration = new Registration.Builder("fakeregistrationid", endpointName, destination, destination.isSecure() ? secureEndpoint.getAddress() : nonSecureEndpoint.getAddress()).build(); // Build LwM2m response LwM2mResponseBuilder<T> lwm2mResponseBuilder = new LwM2mResponseBuilder<>(coapRequest, coapResponse, registration, model, null, decoder); request.accept(lwm2mResponseBuilder); return lwm2mResponseBuilder.getResponse(); } };
public static JsonObject serialize(Identity identity) { JsonObject o = Json.object(); o.set(KEY_ADDRESS, identity.getPeerAddress().getHostString()); o.set(KEY_PORT, identity.getPeerAddress().getPort()); if (identity.isPSK()) { o.set(KEY_ID, identity.getPskIdentity()); } else if (identity.isRPK()) { PublicKey publicKey = identity.getRawPublicKey(); o.set(KEY_RPK, Hex.encodeHexString(publicKey.getEncoded())); } else if (identity.isX509()) { o.set(KEY_CN, identity.getX509CommonName()); } return o; }
StaticPskStore staticPskStore = new StaticPskStore(serverInfo.pskId, serverInfo.pskKey); newBuilder.setPskStore(staticPskStore); serverIdentity = Identity.psk(serverInfo.getAddress(), serverInfo.pskId); } else if (serverInfo.secureMode == SecurityMode.RPK) { serverIdentity = Identity.rpk(serverInfo.getAddress(), expectedKey); } else if (serverInfo.secureMode == SecurityMode.X509) { serverIdentity = Identity.x509(serverInfo.getAddress(), EndpointContextUtil .extractCN(((X509Certificate) expectedServerCertificate).getSubjectX500Principal().getName())); } else { currentEndpoint = builder.build(); serverIdentity = Identity.unsecure(serverInfo.getAddress());