Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [wakaama-dev] Secure bootstrapping with tests/secureclient

There is no UI to add credentials for secure bootstrap in Leshan Bootstrap Demo UI.
But you can use the REST API to do that.

Here a python script which do that:
import requests
import json

BASE_URL = "http://leshan.eclipse.org:8081/";
url = BASE_URL + "api/bootstrap/testsecureclient"
data = {"servers": {"0": {"shortId": 123,
                          "lifetime": 20,
                          "defaultMinPeriod": 1,
                          "defaultMaxPeriod": None,
                          "disableTimeout": None,
                          "notifIfDisabled": True,
                          "binding": "U"}},
        "security": {"0":{"uri": "coap://leshan.eclipse.org:5683",
                          "bootstrapServer": False,
                          "securityMode": "NO_SEC",
                          "publicKeyOrId": [],
                          "serverPublicKeyOrId" : [],
                          "secretKey": [],
                          "smsSecurityMode": "NO_SEC",
                          "smsBindingKeyParam" : [],
                          "smsBindingKeySecret" : [],
                          "serverSmsNumber" : "+3343577464",
                          "serverId" : 123,
                          "clientOldOffTime" : 1},
                     "1":{"uri": "coaps:///leshan.eclipse.org:5784",
                          "bootstrapServer": True,
                          "securityMode": "PSK",
"publicKeyOrId": [115,101,99,117,114,101,95,99,108,105,101,110,116,95,105,100], #binary represenation of "secure_client_id"
                          "serverPublicKeyOrId" : [],
"secretKey": [112,114,105,118,97,116,101,95,107,101,121], #binary representation of "private_key", the hexa value is 707269766174655f6b6579
                          "smsSecurityMode": "NO_SEC",
                          "smsBindingKeyParam" : [],
                          "smsBindingKeySecret" : [],
                          "serverSmsNumber" : "+3343577911",
                          "serverId" : 911,
                          "clientOldOffTime" : 20}}}
headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
r = requests.post(url, data=json.dumps(data), headers=headers)
print r.status_code
print r.content

HTH
Simon

Le 11/03/2016 16:29, Bill Silverajan a écrit :
Hi all,

Thanks to some of the people on the list, I've successfully bootstrapped
the lwm2mclient ("testlwm2mclient") against wakaama's own bootstrap server.

I then proceeded with testing secure bootstrapping, with the
secureclient ("testsecureclient") against leshan's bootstrap server and
a separate dtls-enabled lwm2m server from leshan.

My setup is simple: The dtls client contacts the bs server, obtaining
the PSK material for secure registration and communication with the
lwm2m server.

I've configured the BS server to deliver the necessary credentials to
testsecureclient, which then proceeds to contact and successfully
register over DTLS to an external LWM2M server. I was able to accomplish
bootstrapping over port 5683 for this.

Does the secureclient have the ability to perform secure bootstrapping?

I imagine it's a trivial matter to invoke secureclient with the -i and
-p flags so that secure bootstrapping is done against the leshan
bootstrap server. Then, the bootstrap server provides the PSK key of the
actual LWM2M server to the client.

But I'm unable to discover what the identity/key combination to
successfully let secureclient communicate with the bootstrap server on
port 5684 is. Or in fact even where to provide this to the leshan
bootstrap server!

If I should pose this question to the leshan list (since it might be an
implementation-specific issue with the bootstrap server), I apologise in
advance.

Regards,
Bill

_______________________________________________
wakaama-dev mailing list
wakaama-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/wakaama-dev



Back to the top