[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [leshan-dev] Leshan lwm2m server Securitystore
|
Hi,
(as the keys are stored in another system, and could be multiple by endpoint).
You mean 1 endpoint could have several couple Identity/Key ? What
is the purpose of this ?
I see no situation where a SecurityInfo should be fetched by endpoint instead of by identity.
In fact, you find it.
- This is needed by the Authorizer to be sure the right identity
is used for the given endpoint. This is very important to ensure
that a device could not usurp another device.
- This is also used when the server need to initiate a DTLS
Handshake. This is needed for failover or reboot when
registration is persisted (This is actually implemented). If you
only have queue mode device you don't really need that server
initiated a DTLS Handshake and you can configure Scandium as
server only. DtlsConnectorConfig.setServerOnly(true) (maybe not
available in leshan 1.0.0-M8)
By the way I strongly advice you to migrate to v1.0.1. More
robust more feature and the API is stable now and you will benefit
from future bug fix release.
HTH
Le 13/05/2020 à 11:42, Magnus a écrit :
Hello,
I am implementing the org.eclipse.leshan.server.security.SecurityStore interface in the leshan server (running 1.0.0-M8). I have a question about getByEndpoint() method. I would rather not return anything from this (as the keys are stored in another system, and could be multiple by endpoint).
How is the getByEndpoint() used when running leshan lwm2m server?
I see no situation where a SecurityInfo should be fetched by endpoint instead of by identity.
getByEndpoint() is called from LwM2mPskStore, and I have read forum entries about future implementations that it could be used when leshan lwm2m server acts as a client in the DTLS handshake (after a failover or reboot of the lwm2m server). I also see it is used in the DefaultAuthorizer, but this we have overridden.
Do you see any ohter usages of this?
best regards
Magnus
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/leshan-dev