Re: [leshan-dev] Leshan lwm2m server Securitystore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [leshan-dev] Leshan lwm2m server Securitystore

From: Simon Bernard <contact@xxxxxxxxxxxxxxx>
Date: Wed, 13 May 2020 14:32:12 +0200
Delivered-to: leshan-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/leshan-dev>
List-help: <mailto:leshan-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/leshan-dev>, <mailto:leshan-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0

Hi,

(as the keys are stored in another system, and could be multiple by endpoint).

You mean 1 endpoint could have several couple Identity/Key ? What is the purpose of this ?

I see no situation where a SecurityInfo should be fetched by endpoint instead of by identity.

In fact, you find it.

This is needed by the Authorizer to be sure the right identity is used for the given endpoint. This is very important to ensure that a device could not usurp another device.
This is also used when the server need to initiate a DTLS Handshake. This is needed for failover or reboot when registration is persisted (This is actually implemented). If you only have queue mode device you don't really need that server initiated a DTLS Handshake and you can configure Scandium as server only. DtlsConnectorConfig.setServerOnly(true) (maybe not available in leshan 1.0.0-M8)

By the way I strongly advice you to migrate to v1.0.1. More robust more feature and the API is stable now and you will benefit from future bug fix release.

HTH

Le 13/05/2020 à 11:42, Magnus a écrit :

Hello,

I am implementing the org.eclipse.leshan.server.security.SecurityStore interface in the leshan server (running 1.0.0-M8). I have a question about getByEndpoint() method. I would rather not return anything from this (as the keys are stored in another system, and could be multiple by endpoint). 

How is the getByEndpoint() used when running leshan lwm2m server? 

I see no situation where a SecurityInfo should be fetched by endpoint instead of by identity.

getByEndpoint() is called from LwM2mPskStore, and I have read forum entries about future implementations that it could be used when leshan lwm2m server acts as a client in the DTLS handshake (after a failover or reboot of the lwm2m server). I also see it is used in the DefaultAuthorizer, but this we have overridden.

Do you see any ohter usages of this?

best regards
Magnus
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/leshan-dev

References:
- [leshan-dev] Leshan lwm2m server Securitystore
  - From: Magnus

Prev by Date: [leshan-dev] Leshan lwm2m server Securitystore
Next by Date: [leshan-dev] 📢 Release of Leshan 1.0.2 and 1.1.0 📢
Previous by thread: [leshan-dev] Leshan lwm2m server Securitystore
Next by thread: [leshan-dev] 📢 Release of Leshan 1.0.2 and 1.1.0 📢
Index(es):
- Date
- Thread

Breadcrumbs