Allow to set custom REDIS keys for security endpoint and PSK ID #1398

Closed
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ protected SecurityStore createSecurityStore() {
} else {
jedis = new JedisPool();
}
securityStore = new RedisSecurityStore(jedis);
securityStore = new RedisSecurityStore.Builder(jedis).build();
return securityStore;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
import org.eclipse.californium.elements.util.CertPathUtil;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.config.DtlsConfig.DtlsRole;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.webapp.WebAppContext;
Expand Down Expand Up @@ -162,7 +162,7 @@ public static LeshanServer createLeshanServer(LeshanServerDemoCLI cli) throws Ex
securityStore = new FileSecurityStore();
} else {
// use Redis Store
securityStore = new RedisSecurityStore(cli.main.redis);
securityStore = new RedisSecurityStore.Builder(cli.main.redis).build();
builder.setRegistrationStore(new RedisRegistrationStore(cli.main.redis));
}
builder.setSecurityStore(securityStore);
Expand Down Expand Up @@ -190,8 +190,10 @@ public CaliforniumServerEndpointFactory createDefaultEndpointFactory(URI uri) {
return new CoapsServerEndpointFactory(uri) {

@Override
protected Builder createDtlsConnectorConfigBuilder(Configuration endpointConfiguration) {
Builder dtlsConfigBuilder = super.createDtlsConnectorConfigBuilder(endpointConfiguration);
protected DtlsConnectorConfig.Builder createDtlsConnectorConfigBuilder(
Configuration endpointConfiguration) {
DtlsConnectorConfig.Builder dtlsConfigBuilder = super.createDtlsConnectorConfigBuilder(
endpointConfiguration);

// Add MDC for connection logs
if (cli.helpsOptions.getVerboseLevel() > 0)
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,6 @@
* <p>
* Security info are stored using the endpoint as primary key and a secondary index is created for endpoint lookup by
* PSK identity.
* <p>
* By default, uses {@code SEC#EP#} key prefix to find security info by endpoint and {@code EP#PSKID} key to get the
* endpoint by PSK ID. Leshan v1.x used {@code SEC#EP#} and {@code PSKID#SEC} keys for that accordingly.
*/
public class RedisSecurityStore implements EditableSecurityStore {

Expand All @@ -52,14 +49,10 @@ public class RedisSecurityStore implements EditableSecurityStore {

private final List<SecurityStoreListener> listeners = new CopyOnWriteArrayList<>();

public RedisSecurityStore(Pool<Jedis> pool) {
this(pool, "SEC#EP#", "EP#PSKID");
}

public RedisSecurityStore(Pool<Jedis> pool, String securityInfoByEndpointPrefix, String endpointByPskIdKey) {
this.pool = pool;
this.securityInfoByEndpointPrefix = securityInfoByEndpointPrefix;
this.endpointByPskIdKey = endpointByPskIdKey;
private RedisSecurityStore(Builder builder) {
this.pool = builder.pool;
this.securityInfoByEndpointPrefix = builder.securityInfoByEndpointPrefix;
this.endpointByPskIdKey = builder.endpointByPskIdKey;
}

@Override
Expand Down Expand Up @@ -177,4 +170,74 @@ public void addListener(SecurityStoreListener listener) {
public void removeListener(SecurityStoreListener listener) {
listeners.remove(listener);
}

/**
* Class helping to build and configure a {@link RedisSecurityStore}.
* <p>
* By default, uses {@code SECSTORE#} prefix for all keys, {@code SEC#EP#} key prefix to find security info by
* endpoint and {@code EP#PSKID} key to get the endpoint by PSK ID. Leshan v1.x used {@code SEC#EP#} and
* {@code PSKID#SEC} keys for that accordingly.
*/
public static class Builder {
private Pool<Jedis> pool;
private String securityInfoByEndpointPrefix;

private String endpointByPskIdKey;

private String prefix;

/**
* Set the Redis connection pool for the {@link RedisSecurityStore}.
*/
public void setPool(Pool<Jedis> pool) {
this.pool = pool;
}

/**
* Set the key prefix for security info lookup by endpoint.
* <p>
* Default value is {@literal SEC#EP#}.
*/
public void setSecurityInfoByEndpointPrefix(String securityInfoByEndpointPrefix) {
this.securityInfoByEndpointPrefix = securityInfoByEndpointPrefix;
}

/**
* Set the key for endpoint lookup by PSK identity.
* <p>
* Default value is {@literal EP#PSKID}.
*/
public void setEndpointByPskIdKey(String endpointByPskIdKey) {
this.endpointByPskIdKey = endpointByPskIdKey;
}

/**
* Set the prefix for all keys and prefixes including {@link #securityInfoByEndpointPrefix} and
* {@link #endpointByPskIdKey}.
* <p>
* Default value is {@literal SECSTORE#}.
*/
public void setPrefix(String prefix) {
this.prefix = prefix;
}

public Builder(Pool<Jedis> pool) {
this.pool = pool;
this.prefix = "SECSTORE#";
this.securityInfoByEndpointPrefix = "SEC#EP#";
this.endpointByPskIdKey = "EP#PSKID";
}

/**
* Create the {@link RedisSecurityStore}.
* <p>
* @return the Redis security store.
*/
public RedisSecurityStore build() {
this.securityInfoByEndpointPrefix = this.prefix + this.securityInfoByEndpointPrefix;
this.endpointByPskIdKey = this.prefix + this.endpointByPskIdKey;

return new RedisSecurityStore(this);
}
}
}
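Review bot: `build()` writes the prefixed values back into the builder's own fields, so a second call on the same instance yields keys such as `SECSTORE#SECSTORE#SEC#EP#`, and the second store reads a different key space from the first. Doing the concatenation in the private constructor (an earlier hunk of this file) leaves the builder unchanged: `this.securityInfoByEndpointPrefix = builder.prefix + builder.securityInfoByEndpointPrefix;` and `this.endpointByPskIdKey = builder.prefix + builder.endpointByPskIdKey;`, with `build()` reduced to `return new RedisSecurityStore(this);`. A null given to `setPrefix` is concatenated as the text `null` rather than rejected, so a null check in `build()` is worth adding. The effective default keys also change from `SEC#EP#` and `EP#PSKID` to their `SECSTORE#`-prefixed forms, so security info already stored under the old keys would presumably no longer be found by endpoint or by PSK identity after an upgrade. The class Javadoc should state the full default key names and that existing data needs migrating or the prefix set to an empty string.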