Integration of Californium 2.0.0-M13

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/impl/CaliforniumEndpointsManager.java

@@ -115,8 +115,7 @@ public boolean isTrusted(RawPublicKeyIdentity id) {
                 serverIdentity = Identity.rpk(serverInfo.getAddress(), expectedKey);
             } else if (serverInfo.secureMode == SecurityMode.X509) {
                 // set identity
-                newBuilder.setIdentity(serverInfo.privateKey, new Certificate[] { serverInfo.clientCertificate },
-                        false);
+                newBuilder.setIdentity(serverInfo.privateKey, new Certificate[] { serverInfo.clientCertificate });
 
                 // set X509 verifier
                 final Certificate expectedServerCertificate = serverInfo.serverCertificate;
@@ -149,15 +148,6 @@ public X509Certificate[] getAcceptedIssuers() {
                         return null;
                     }
                 });
-
-                // disable the possibility to use RPK as client should use X509.
-                // TODO add a way in Scandium to say that we don't accept RPK certificate type
-                newBuilder.setRpkTrustStore(new TrustedRpkStore() {
-                    @Override
-                    public boolean isTrusted(RawPublicKeyIdentity id) {
-                        return false;
-                    }
-                });
                 serverIdentity = Identity.x509(serverInfo.getAddress(), EndpointContextUtil
                         .extractCN(((X509Certificate) expectedServerCertificate).getSubjectX500Principal().getName()));
             } else {
@@ -166,7 +156,7 @@ public boolean isTrusted(RawPublicKeyIdentity id) {
             if (endpointFactory != null) {
                 currentEndpoint = endpointFactory.createSecuredEndpoint(newBuilder.build(), coapConfig, null);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setConnector(new DTLSConnector(newBuilder.build()));
                 builder.setNetworkConfig(coapConfig);
                 currentEndpoint = builder.build();
@@ -175,7 +165,7 @@ public boolean isTrusted(RawPublicKeyIdentity id) {
             if (endpointFactory != null) {
                 currentEndpoint = endpointFactory.createUnsecuredEndpoint(localAddress, coapConfig, null);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setInetSocketAddress(localAddress);
                 builder.setNetworkConfig(coapConfig);
                 currentEndpoint = builder.build();
@@ -258,7 +248,11 @@ public synchronized void stop() {
 
     @Override
     public synchronized void destroy() {
+        // TODO we should be able to destroy a not started coapServer.
+        if (!started)
+            return;
         started = false;
+
         coapServer.destroy();
     }
 }

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/RegistrationTest.java

@@ -287,7 +287,7 @@ public void register_with_invalid_request() throws InterruptedException, IOExcep
         coapRequest.getOptions().addUriQuery("ep=" + helper.currentEndpointIdentifier);
 
         // send request
-        CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+        CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
         builder.setInetSocketAddress(new InetSocketAddress(0));
         CoapEndpoint coapEndpoint = builder.build();
         coapEndpoint.start();

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/SecureIntegrationTestHelper.java

@@ -206,7 +206,7 @@ public void createPSKClient() {
             @Override
             public CoapEndpoint createUnsecuredEndpoint(InetSocketAddress address, NetworkConfig coapConfig,
                     ObservationStore store) {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setInetSocketAddress(address);
                 builder.setNetworkConfig(coapConfig);
                 return builder.build();
@@ -215,7 +215,7 @@ public CoapEndpoint createUnsecuredEndpoint(InetSocketAddress address, NetworkCo
             @Override
             public CoapEndpoint createSecuredEndpoint(DtlsConnectorConfig dtlsConfig, NetworkConfig coapConfig,
                     ObservationStore store) {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 Builder dtlsConfigBuilder = new Builder(dtlsConfig);
                 if (dtlsConfig.getPskStore() != null) {
                     String identity = dtlsConfig.getPskStore().getIdentity(null);

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/LeshanBootstrapServerBuilder.java

@@ -29,6 +29,7 @@
 import org.eclipse.californium.scandium.DTLSConnector;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder;
+import org.eclipse.californium.scandium.dtls.CertificateType;
 import org.eclipse.leshan.LwM2m;
 import org.eclipse.leshan.core.californium.EndpointFactory;
 import org.eclipse.leshan.core.californium.Lwm2mEndpointContextMatcher;
@@ -295,12 +296,18 @@ public LeshanBootstrapServer build() {
 
             // handle trusted certificates
             if (trustedCertificates != null) {
-                if (incompleteConfig.getTrustStore() == null) {
-                    dtlsConfigBuilder.setTrustStore(trustedCertificates);
-                } else if (!Arrays.equals(trustedCertificates, incompleteConfig.getTrustStore())) {
-                    throw new IllegalStateException(String.format(
-                            "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for trusted Certificates (trustStore) : \n%s != \n%s",
-                            Arrays.toString(trustedCertificates), Arrays.toString(incompleteConfig.getTrustStore())));
+                if (incompleteConfig.getCertificateVerifier() == null) {
+                    if (incompleteConfig.getTrustStore() == null) {
+                        dtlsConfigBuilder.setTrustStore(trustedCertificates);
+                    } else if (!Arrays.equals(trustedCertificates, incompleteConfig.getTrustStore())) {
+                        throw new IllegalStateException(String.format(
+                                "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for trusted Certificates (trustStore) : \n%s != \n%s",
+                                Arrays.toString(trustedCertificates),
+                                Arrays.toString(incompleteConfig.getTrustStore())));
+                    }
+                } else if (trustedCertificates != null) {
+                    throw new IllegalStateException(
+                            "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder: if a CertificateVerifier is set, trustedCertificates must not be set.");
                 }
             }
 
@@ -319,20 +326,27 @@ public LeshanBootstrapServer build() {
                                 "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for public key: %s != %s",
                                 publicKey, incompleteConfig.getPublicKey()));
                     }
-
+                    // by default trust all RPK
+                    if (incompleteConfig.getRpkTrustStore() == null) {
+                        dtlsConfigBuilder.setRpkTrustAll();
+                    }
                     dtlsConfigBuilder.setIdentity(privateKey, publicKey);
                 }
                 // if in X.509 mode set the private key, certificate chain, public key is extracted from the certificate
                 if (certificateChain != null && certificateChain.length > 0) {
                     if (incompleteConfig.getCertificateChain() != null
-                            && !Arrays.equals(incompleteConfig.getCertificateChain(), certificateChain)) {
+                            && !Arrays.asList(certificateChain).equals(incompleteConfig.getCertificateChain())) {
                         throw new IllegalStateException(String.format(
                                 "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for certificate chain: %s != %s",
-                                Arrays.toString(certificateChain),
-                                Arrays.toString(incompleteConfig.getCertificateChain())));
+                                Arrays.toString(certificateChain), incompleteConfig.getCertificateChain()));
                     }
 
-                    dtlsConfigBuilder.setIdentity(privateKey, certificateChain, false);
+                    // by default trust all RPK
+                    if (incompleteConfig.getRpkTrustStore() == null) {
+                        dtlsConfigBuilder.setRpkTrustAll();
+                    }
+                    dtlsConfigBuilder.setIdentity(privateKey, certificateChain, CertificateType.X_509,
+                            CertificateType.RAW_PUBLIC_KEY);
                 }
             }
 
@@ -346,6 +360,7 @@ public LeshanBootstrapServer build() {
             try {
                 dtlsConfig = dtlsConfigBuilder.build();
             } catch (IllegalStateException e) {
+                LOG.warn("Unable to create DTLS config and so secured endpoint.", e);
             }
         }
 
@@ -354,7 +369,7 @@ public LeshanBootstrapServer build() {
             if (endpointFactory != null) {
                 unsecuredEndpoint = endpointFactory.createUnsecuredEndpoint(localAddress, coapConfig, null);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setInetSocketAddress(localAddress);
                 builder.setNetworkConfig(coapConfig);
                 unsecuredEndpoint = builder.build();
@@ -366,7 +381,7 @@ public LeshanBootstrapServer build() {
             if (endpointFactory != null) {
                 securedEndpoint = endpointFactory.createSecuredEndpoint(dtlsConfig, coapConfig, null);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setConnector(new DTLSConnector(dtlsConfig));
                 builder.setNetworkConfig(coapConfig);
                 builder.setEndpointContextMatcher(new Lwm2mEndpointContextMatcher());

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/LeshanServerBuilder.java

@@ -30,6 +30,7 @@
 import org.eclipse.californium.core.network.config.NetworkConfig.Keys;
 import org.eclipse.californium.scandium.DTLSConnector;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.dtls.CertificateType;
 import org.eclipse.leshan.LwM2m;
 import org.eclipse.leshan.core.californium.EndpointFactory;
 import org.eclipse.leshan.core.californium.Lwm2mEndpointContextMatcher;
@@ -412,12 +413,15 @@ public LeshanServer build() {
 
             // handle trusted certificates
             if (trustedCertificates != null) {
-                if (incompleteConfig.getTrustStore() == null) {
-                    dtlsConfigBuilder.setTrustStore(trustedCertificates);
-                } else if (!Arrays.equals(trustedCertificates, incompleteConfig.getTrustStore())) {
-                    throw new IllegalStateException(String.format(
-                            "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for trusted Certificates (trustStore) : \n%s != \n%s",
-                            Arrays.toString(trustedCertificates), Arrays.toString(incompleteConfig.getTrustStore())));
+                if (incompleteConfig.getCertificateVerifier() == null) {
+                    if (incompleteConfig.getTrustStore() == null) {
+                        dtlsConfigBuilder.setTrustStore(trustedCertificates);
+                    } else if (!Arrays.equals(trustedCertificates, incompleteConfig.getTrustStore())) {
+                        throw new IllegalStateException(String.format(
+                                "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for trusted Certificates (trustStore) : \n%s != \n%s",
+                                Arrays.toString(trustedCertificates),
+                                Arrays.toString(incompleteConfig.getTrustStore())));
+                    }
                 }
             }
 
@@ -437,19 +441,27 @@ public LeshanServer build() {
                                 publicKey, incompleteConfig.getPublicKey()));
                     }
 
+                    // by default trust all RPK
+                    if (incompleteConfig.getRpkTrustStore() == null) {
+                        dtlsConfigBuilder.setRpkTrustAll();
+                    }
                     dtlsConfigBuilder.setIdentity(privateKey, publicKey);
                 }
                 // if in X.509 mode set the private key, certificate chain, public key is extracted from the certificate
                 if (certificateChain != null && certificateChain.length > 0) {
                     if (incompleteConfig.getCertificateChain() != null
-                            && !Arrays.equals(incompleteConfig.getCertificateChain(), certificateChain)) {
+                            && !Arrays.asList(certificateChain).equals(incompleteConfig.getCertificateChain())) {
                         throw new IllegalStateException(String.format(
                                 "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for certificate chain: %s != %s",
-                                Arrays.toString(certificateChain),
-                                Arrays.toString(incompleteConfig.getCertificateChain())));
+                                Arrays.toString(certificateChain), incompleteConfig.getCertificateChain()));
                     }
 
-                    dtlsConfigBuilder.setIdentity(privateKey, certificateChain, false);
+                    // by default trust all RPK
+                    if (incompleteConfig.getRpkTrustStore() == null) {
+                        dtlsConfigBuilder.setRpkTrustAll();
+                    }
+                    dtlsConfigBuilder.setIdentity(privateKey, certificateChain, CertificateType.X_509,
+                            CertificateType.RAW_PUBLIC_KEY);
                 }
             }
 
@@ -463,6 +475,7 @@ public LeshanServer build() {
             try {
                 dtlsConfig = dtlsConfigBuilder.build();
             } catch (IllegalStateException e) {
+                LOG.warn("Unable to create DTLS config and so secured endpoint.", e);
             }
         }
 
@@ -473,7 +486,7 @@ public LeshanServer build() {
                 unsecuredEndpoint = endpointFactory.createUnsecuredEndpoint(localAddress, coapConfig,
                         registrationStore);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setInetSocketAddress(localAddress);
                 builder.setNetworkConfig(coapConfig);
                 builder.setObservationStore(registrationStore);
@@ -486,7 +499,7 @@ public LeshanServer build() {
             if (endpointFactory != null) {
                 securedEndpoint = endpointFactory.createSecuredEndpoint(dtlsConfig, coapConfig, registrationStore);
             } else {
-                CoapEndpoint.CoapEndpointBuilder builder = new CoapEndpoint.CoapEndpointBuilder();
+                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                 builder.setConnector(new DTLSConnector(dtlsConfig));
                 builder.setNetworkConfig(coapConfig);
                 builder.setObservationStore(registrationStore);

pom.xml

@@ -108,7 +108,7 @@ Contributors:
         <test.exclusion.pattern>**/Redis*.java</test.exclusion.pattern>
 
         <!-- dependencies version -->
-        <californium.version>2.0.0-M12</californium.version>
+        <californium.version>2.0.0-M13</californium.version>
         <logback.version>1.2.3</logback.version>
         <slf4j.api.version>1.7.25</slf4j.api.version>
         <jetty.version>9.1.4.v20140401</jetty.version>
@@ -492,7 +492,7 @@ Contributors:
             <dependency>
                 <groupId>junit</groupId>
                 <artifactId>junit</artifactId>
-                <version>4.11</version>
+                <version>4.12</version>
                 <scope>test</scope>
             </dependency>
             <dependency>