/**
 * Decides whether a client may use {@code endpoint}, given the identity it presented and the
 * security infos known for it.
 * <p>
 * Outcome by case:
 * <ul>
 * <li>secure identity, no security info: rejected (and logged at debug level);</li>
 * <li>secure identity, some security info: accepted as soon as one entry passes
 * {@link #checkSecurityInfo(String, Identity, SecurityInfo)}, rejected if none does;</li>
 * <li>unsecure identity, some security info: rejected, so a client that has credentials on record
 * is not accepted over an unsecured channel;</li>
 * <li>unsecure identity, no security info: accepted.</li>
 * </ul>
 * Security note: the last case means this method accepts endpoints with no security info over an
 * unsecured channel. A deployment that must refuse such clients has to enforce that elsewhere.
 *
 * @see #checkSecurityInfo(String, Identity, SecurityInfo)
 *
 * @param endpoint the endpoint name, passed to the per-entry check and used in log messages
 * @param clientIdentity the identity presented by the client; must not be {@code null}
 * @param securityInfos the candidate security infos; {@code null} is treated like an empty list
 * @return {@code true} if the client is accepted, {@code false} otherwise
 */
public boolean checkSecurityInfos(String endpoint, Identity clientIdentity, List<SecurityInfo> securityInfos) {
    final boolean secureIdentity = clientIdentity.isSecure();
    final boolean hasSecurityInfo = securityInfos != null && !securityInfos.isEmpty();

    if (!secureIdentity) {
        // Credentials on record but an unsecured channel: refuse rather than silently downgrade.
        if (hasSecurityInfo) {
            LOG.debug("Client '{}' must connect using DTLS", endpoint);
            return false;
        }
        // No credentials on record and no secure identity: nothing to verify, accept.
        return true;
    }

    // From here on the identity is secure, so it has to match something we know about.
    if (!hasSecurityInfo) {
        LOG.debug("Client '{}' without security info try to connect through the secure endpoint", endpoint);
        return false;
    }

    // A single matching entry is enough; entries are tried in list order.
    for (SecurityInfo candidate : securityInfos) {
        if (checkSecurityInfo(endpoint, clientIdentity, candidate)) {
            return true;
        }
    }
    return false;
}
/**
 * Authorizes an uplink request by checking the sender's identity against the security info stored
 * for the registration's endpoint.
 * <p>
 * The {@code request} argument is not read here; the decision depends only on the endpoint name and
 * the sender identity.
 *
 * @param request the uplink request being authorized (unused by this implementation)
 * @param registration the registration the request refers to
 * @param senderIdentity the identity of the peer that sent the request
 * @return {@code registration} unchanged when the check passes, {@code null} when it fails
 */
@Override
public Registration isAuthorized(UplinkRequest<?> request, Registration registration, Identity senderIdentity) {
    // Without a security store there is nothing to look up, so the expected security info stays null
    // and the verdict is left entirely to securityChecker.
    // NOTE(review): checkSecurityInfo is not visible here - confirm how it treats a null
    // expected security info for both secure and unsecure sender identities.
    final SecurityInfo expectedSecurityInfo = (securityStore == null)
            ? null
            : securityStore.getByEndpoint(registration.getEndpoint());

    final boolean accepted = securityChecker.checkSecurityInfo(registration.getEndpoint(), senderIdentity,
            expectedSecurityInfo);

    // null is the "not authorized" answer; callers must not treat it as an error to ignore.
    return accepted ? registration : null;
}

}