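/**
 * Decodes the client's X.509 certificate stored in the "Public Key or Identity"
 * resource (SEC_PUBKEY_IDENTITY) of a Security object instance.
 * <p>
 * The certificate is only parsed, not validated: no signature, chain, key-usage or
 * validity-period check happens here, so a non-null result does not mean the
 * certificate is trustworthy.
 *
 * @param securityInstance the Security object instance to read from
 * @return the decoded certificate, or {@code null} if the resource is absent, empty
 *         or not a parsable X.509 certificate
 */
private static Certificate getClientCertificate(LwM2mObjectInstance securityInstance) {
    // getResource(...) yields null for an absent resource (this file null-checks it
    // elsewhere), so guard instead of letting a bad configuration surface as an NPE.
    LwM2mResource resource = securityInstance.getResource(SEC_PUBKEY_IDENTITY);
    if (resource == null || resource.getValue() == null) {
        LOG.debug("No client certificate present in security object instance");
        return null;
    }
    byte[] encodedCert = (byte[]) resource.getValue();
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (ByteArrayInputStream in = new ByteArrayInputStream(encodedCert)) {
            return cf.generateCertificate(in);
        }
    } catch (CertificateException | IOException e) {
        // Decoding failure is reported to the caller as null; the cause is kept in the log.
        LOG.debug("Failed to decode X.509 certificate", e);
        return null;
    }
}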
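/**
 * Decodes the server's X.509 certificate stored in the "Server Public Key" resource
 * (SEC_SERVER_PUBKEY) of a Security object instance.
 * <p>
 * The certificate is only parsed, not validated: no signature, chain, key-usage or
 * validity-period check happens here.
 *
 * @param securityInstance the Security object instance to read from
 * @return the decoded certificate, or {@code null} if the resource is absent, empty
 *         or not a parsable X.509 certificate
 */
private static Certificate getServerCertificate(LwM2mObjectInstance securityInstance) {
    // getResource(...) yields null for an absent resource (this file null-checks it
    // elsewhere), so guard instead of letting a bad configuration surface as an NPE.
    LwM2mResource resource = securityInstance.getResource(SEC_SERVER_PUBKEY);
    if (resource == null || resource.getValue() == null) {
        LOG.debug("No server certificate present in security object instance");
        return null;
    }
    byte[] encodedCert = (byte[]) resource.getValue();
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (ByteArrayInputStream in = new ByteArrayInputStream(encodedCert)) {
            return cf.generateCertificate(in);
        }
    } catch (CertificateException | IOException e) {
        // Decoding failure is reported to the caller as null; the cause is kept in the log.
        LOG.debug("Failed to decode X.509 certificate", e);
        return null;
    }
}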
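/**
 * Returns the PSK identity stored in the "Public Key or Identity" resource
 * (SEC_PUBKEY_IDENTITY) of a Security object instance.
 * <p>
 * The stored bytes are decoded as UTF-8, the encoding RFC 4279 (section 5.1) mandates
 * for PSK identities. This must stay consistent with the encoding the PSK lookup in
 * {@code getKey(String)} applies when it turns a received identity back into bytes.
 *
 * @param securityInstance the Security object instance to read from
 * @return the PSK identity, or {@code null} if the resource is absent or empty
 */
public static String getPskIdentity(LwM2mObjectInstance securityInstance) {
    LwM2mResource resource = securityInstance.getResource(SEC_PUBKEY_IDENTITY);
    if (resource == null || resource.getValue() == null) {
        return null;
    }
    byte[] identityBytes = (byte[]) resource.getValue();
    // Do not use the platform default charset: it differs between hosts and would make
    // the decoded identity (and therefore PSK matching) environment-dependent.
    return new String(identityBytes, java.nio.charset.StandardCharsets.UTF_8);
}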
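/**
 * Decodes the client's private key stored in the "Secret Key" resource (SEC_SECRET_KEY)
 * of a Security object instance. The value is expected to be a PKCS#8 (RFC 5958)
 * encoded EC private key; only the EC algorithm is attempted.
 *
 * @param securityInstance the Security object instance to read from
 * @return the decoded private key, or {@code null} if the resource is absent, the EC
 *         key factory is unavailable, or the bytes are not a valid PKCS#8 EC key
 */
private static PrivateKey getPrivateKey(LwM2mObjectInstance securityInstance) {
    // getResource(...) yields null for an absent resource (this file null-checks it
    // elsewhere); a missing key is a configuration problem, not a crash.
    LwM2mResource resource = securityInstance.getResource(SEC_SECRET_KEY);
    if (resource == null || resource.getValue() == null) {
        LOG.warn("No private key present in security object instance");
        return null;
    }
    byte[] encodedKey = (byte[]) resource.getValue();
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
    // Only EC keys are supported here; other key types will fail in generatePrivate.
    String algorithm = "EC";
    try {
        KeyFactory kf = KeyFactory.getInstance(algorithm);
        return kf.generatePrivate(keySpec);
    } catch (NoSuchAlgorithmException e) {
        LOG.warn("Failed to instantiate key factory for algorithm " + algorithm, e);
    } catch (InvalidKeySpecException e) {
        // Log only the failure; never log the key bytes themselves.
        LOG.warn("Failed to decode RFC5958 private key with algorithm " + algorithm, e);
    }
    return null;
}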
/**
 * Returns the pre-shared key stored in the "Secret Key" resource (SEC_SECRET_KEY)
 * of a Security object instance, as raw bytes.
 * <p>
 * The array is handed back exactly as stored: no defensive copy is made and no
 * length or format check is performed. Callers must treat it as secret material.
 *
 * @param securityInstance the Security object instance to read from
 * @return the raw PSK bytes held by the resource
 */
public static byte[] getPskKey(LwM2mObjectInstance securityInstance) {
    Object secret = securityInstance.getResource(SEC_SECRET_KEY).getValue();
    return (byte[]) secret;
}
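/**
 * Decodes the client's raw public key stored in the "Public Key or Identity" resource
 * (SEC_PUBKEY_IDENTITY) of a Security object instance. The value is expected to be a
 * SubjectPublicKeyInfo (X.509 / RFC 7250 raw public key) encoded EC key; only the EC
 * algorithm is attempted.
 *
 * @param securityInstance the Security object instance to read from
 * @return the decoded public key, or {@code null} if the resource is absent, the EC
 *         key factory is unavailable, or the bytes are not a valid EC public key
 */
private static PublicKey getPublicKey(LwM2mObjectInstance securityInstance) {
    // getResource(...) yields null for an absent resource (this file null-checks it
    // elsewhere), so guard instead of letting a bad configuration surface as an NPE.
    LwM2mResource resource = securityInstance.getResource(SEC_PUBKEY_IDENTITY);
    if (resource == null || resource.getValue() == null) {
        LOG.debug("No client public key present in security object instance");
        return null;
    }
    byte[] encodedKey = (byte[]) resource.getValue();
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
    // Only EC keys are supported here; other key types will fail in generatePublic.
    String algorithm = "EC";
    try {
        KeyFactory kf = KeyFactory.getInstance(algorithm);
        return kf.generatePublic(keySpec);
    } catch (NoSuchAlgorithmException e) {
        LOG.debug("Failed to instantiate key factory for algorithm " + algorithm, e);
    } catch (InvalidKeySpecException e) {
        LOG.debug("Failed to decode RFC7250 public key with algorithm " + algorithm, e);
    }
    return null;
}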
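/**
 * Decodes the server's raw public key stored in the "Server Public Key" resource
 * (SEC_SERVER_PUBKEY) of a Security object instance. The value is expected to be a
 * SubjectPublicKeyInfo (X.509 / RFC 7250 raw public key) encoded EC key; only the EC
 * algorithm is attempted.
 *
 * @param securityInstance the Security object instance to read from
 * @return the decoded public key, or {@code null} if the resource is absent, the EC
 *         key factory is unavailable, or the bytes are not a valid EC public key
 */
private static PublicKey getServerPublicKey(LwM2mObjectInstance securityInstance) {
    // getResource(...) yields null for an absent resource (this file null-checks it
    // elsewhere), so guard instead of letting a bad configuration surface as an NPE.
    LwM2mResource resource = securityInstance.getResource(SEC_SERVER_PUBKEY);
    if (resource == null || resource.getValue() == null) {
        LOG.debug("No server public key present in security object instance");
        return null;
    }
    byte[] encodedKey = (byte[]) resource.getValue();
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
    // Only EC keys are supported here; other key types will fail in generatePublic.
    String algorithm = "EC";
    try {
        KeyFactory kf = KeyFactory.getInstance(algorithm);
        return kf.generatePublic(keySpec);
    } catch (NoSuchAlgorithmException e) {
        LOG.debug("Failed to instantiate key factory for algorithm " + algorithm, e);
    } catch (InvalidKeySpecException e) {
        LOG.debug("Failed to decode RFC7250 public key with algorithm " + algorithm, e);
    }
    return null;
}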
/**
 * Reads the "Security Mode" resource (SEC_SECURITY_MODE) of a Security object
 * instance and maps its numeric code to the matching {@link SecurityMode}.
 *
 * @param securityInstance the Security object instance to read from
 * @return the security mode selected for this instance
 */
public static SecurityMode getSecurityMode(LwM2mObjectInstance securityInstance) {
    long modeCode = (long) securityInstance.getResource(SEC_SECURITY_MODE).getValue();
    return SecurityMode.fromCode(modeCode);
}
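/**
 * PSK identity lookup for the DTLS layer: scans the Security object for the instance in
 * PSK mode whose server URI resolves to {@code inetAddress} and returns its identity.
 * <p>
 * Instances whose server URI is malformed are logged and skipped, so one broken entry
 * does not prevent the others from being matched.
 *
 * @param inetAddress the peer address the handshake is targeting; may be {@code null}
 * @return the PSK identity configured for that peer, or {@code null} if the address is
 *         null or no PSK instance matches it
 */
@Override
public String getIdentity(InetSocketAddress inetAddress) {
    if (inetAddress == null) {
        return null;
    }
    LwM2mObject securities = (LwM2mObject) securityEnabler.read(SYSTEM, new ReadRequest(SECURITY)).getContent();
    for (LwM2mObjectInstance security : securities.getInstances().values()) {
        long securityMode = (long) security.getResource(SEC_SECURITY_MODE).getValue();
        if (securityMode != SecurityMode.PSK.code) {
            continue;
        }
        String serverUri = (String) security.getResource(SEC_SERVER_URI).getValue();
        try {
            URI uri = new URI(serverUri);
            if (inetAddress.equals(ServerInfo.getAddress(uri))) {
                byte[] pskIdentity = (byte[]) security.getResource(SEC_PUBKEY_IDENTITY).getValue();
                // RFC 4279 section 5.1: PSK identities are UTF-8 encoded. The platform
                // default charset would make the identity host-dependent.
                return new String(pskIdentity, java.nio.charset.StandardCharsets.UTF_8);
            }
        } catch (URISyntaxException e) {
            LOG.error(String.format("Invalid URI %s", serverUri), e);
        }
    }
    return null;
}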
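/**
 * PSK lookup for the DTLS layer: returns the pre-shared key of the Security object
 * instance in PSK mode whose stored identity equals {@code identity}.
 * <p>
 * The whole object is scanned even after a match so that duplicate identities are
 * detected: when a second instance carries the same identity a warning is logged and the
 * key of the first match is returned.
 *
 * @param identity the PSK identity presented by the peer; may be {@code null}
 * @return the matching PSK bytes, or {@code null} if the identity is null or unknown
 */
@Override
public byte[] getKey(String identity) {
    if (identity == null) {
        return null;
    }
    // RFC 4279 section 5.1: PSK identities are UTF-8 encoded. Encoding with the platform
    // default charset would make the byte comparison below host-dependent for
    // non-ASCII identities and must match how identities are decoded elsewhere.
    byte[] wantedIdentity = identity.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] key = null;
    LwM2mObject securities = (LwM2mObject) securityEnabler.read(SYSTEM, new ReadRequest(SECURITY)).getContent();
    for (LwM2mObjectInstance security : securities.getInstances().values()) {
        long securityMode = (long) security.getResource(SEC_SECURITY_MODE).getValue();
        if (securityMode != SecurityMode.PSK.code) {
            continue;
        }
        byte[] pskIdentity = (byte[]) security.getResource(SEC_PUBKEY_IDENTITY).getValue();
        if (!Arrays.equals(wantedIdentity, pskIdentity)) {
            continue;
        }
        if (key != null) {
            // Second match: ambiguous configuration. Keep the first key and stop scanning.
            LOG.warn("There is several security object instance with the same psk identity : '{}'", identity);
            return key;
        }
        // First match: remember the key but keep scanning to detect duplicates.
        key = (byte[]) security.getResource(SEC_SECRET_KEY).getValue();
    }
    return key;
}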
if ((boolean) security.getResource(SEC_BOOTSTRAP).getValue()) { if (infos.bootstrap != null) { LOG.warn("There is more than one bootstrap configuration in security object."); LwM2mResource serverIdResource = security.getResource(SEC_SERVER_ID); if (serverIdResource != null && serverIdResource.getValue() != null) info.serverId = (long) serverIdResource.getValue(); else info.serverId = 0; info.serverUri = new URI((String) security.getResource(SEC_SERVER_URI).getValue()); info.secureMode = getSecurityMode(security); if (info.secureMode == SecurityMode.PSK) { info.serverUri = new URI((String) security.getResource(SEC_SERVER_URI).getValue()); info.serverId = (long) security.getResource(SEC_SERVER_ID).getValue(); info.secureMode = getSecurityMode(security); if (info.secureMode == SecurityMode.PSK) { if (info.serverId == (Long) server.getResource(SRV_SERVER_ID).getValue()) { info.lifetime = (long) server.getResource(SRV_LIFETIME).getValue(); info.binding = BindingMode.valueOf((String) server.getResource(SRV_BINDING).getValue()); LOG.error(String.format("Invalid URI %s", (String) security.getResource(SEC_SERVER_URI).getValue()), e);