
Implement joineui to join-server resolver (A record / https only).

brocaar committed Nov 8, 2018
1 parent 1c5ca41 commit 036a553d8f95fd7c202bd7fd692826a5caede916
@@ -496,56 +496,106 @@ get_downlink_data_delay="{{ .NetworkServer.GetDownlinkDataDelay }}"
tls_key="{{ .GeolocationServer.TLSKey }}"
# Default join-server settings.
[join_server.default]
# hostname:port of the default join-server
# Join-server settings.
[join_server]
# Resolve JoinEUI (experimental).
#
# This API is provided by LoRa App Server.
server="{{ .JoinServer.Default.Server }}"
# When set to true, LoRa Server will use the JoinEUI to resolve the join-server
# for the given JoinEUI. LoRa Server will fallback on the default join-server
# when resolving the JoinEUI fails.
resolve_join_eui={{ .JoinServer.ResolveJoinEUI }}
# ca certificate used by the default join-server client (optional)
ca_cert="{{ .JoinServer.Default.CACert }}"
# Resolve domain suffix.
#
# This configures the domain suffix used for resolving the join-server.
resolve_domain_suffix="{{ .JoinServer.ResolveDomainSuffix }}"
# tls certificate used by the default join-server client (optional)
tls_cert="{{ .JoinServer.Default.TLSCert }}"
# tls key used by the default join-server client (optional)
tls_key="{{ .JoinServer.Default.TLSKey }}"
# Join-server certificates.
#
# Example:
# [[join_server.certificates]]
# # JoinEUI.
# #
# # The JoinEUI of the joinserver to to use the certificates for.
# join_eui="0102030405060708"
# # CA certificate (optional).
# #
# # Set this to validate the join-server server certificate (e.g. when the
# # certificate was self-signed).
# ca_cert="/path/to/ca.pem"
# # TLS client-certificate (optional).
# #
# # Set this to enable client-certificate authentication with the join-server.
# tls_cert="/path/to/tls_cert.pem"
# # TLS client-certificate key (optional).
# #
# # Set this to enable client-certificate authentication with the join-server.
# tls_key="/path/to/tls_key.pem"
{{ range $index, $element := .JoinServer.Certificates }}
[[join_server.certificates]]
join_eui="{{ $element.JoinEUI }}"
ca_cert="{{ $element.CACert }}"
tls_cert="{{ $element.TLSCert }}"
tls_key="{{ $element.TLSKey }}"
{{ end }}
# Default join-server settings.
#
# This join-server will be used when resolving the JoinEUI is set to false
# or as a fallback when resolving the JoinEUI fails.
[join_server.default]
# hostname:port of the default join-server
#
# This API is provided by LoRa App Server.
server="{{ .JoinServer.Default.Server }}"
# ca certificate used by the default join-server client (optional)
ca_cert="{{ .JoinServer.Default.CACert }}"
# Join-server KEK set.
#
# These KEKs (Key Encryption Keys) are used to decrypt the network related
# session-keys received from the join-server on a (re)join-accept.
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
#
# Example (the [[join_server.kek.set]] can be repeated):
# [[join_server.kek.set]]
# # KEK label.
# label="000000"
# # Key Encryption Key.
# kek="01020304050607080102030405060708"
{{ range $index, $element := .JoinServer.KEK.Set }}
[[join_server.kek.set]]
label="{{ $element.Label }}"
kek="{{ $element.KEK }}"
{{ end }}
# Network-controller configuration.
[network_controller]
# hostname:port of the network-controller api server (optional)
server="{{ .NetworkController.Server }}"
# tls certificate used by the default join-server client (optional)
tls_cert="{{ .JoinServer.Default.TLSCert }}"
# ca certificate used by the network-controller client (optional)
ca_cert="{{ .NetworkController.CACert }}"
# tls key used by the default join-server client (optional)
tls_key="{{ .JoinServer.Default.TLSKey }}"
# tls certificate used by the network-controller client (optional)
tls_cert="{{ .NetworkController.TLSCert }}"
# tls key used by the network-controller client (optional)
tls_key="{{ .NetworkController.TLSKey }}"
# Join-server KEK set.
#
# These KEKs (Key Encryption Keys) are used to decrypt the network related
# session-keys received from the join-server on a (re)join-accept.
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
#
# Example (the [[join_server.kek.set]] can be repeated):
# [[join_server.kek.set]]
# # KEK label.
# label="000000"
# # Key Encryption Key.
# kek="01020304050607080102030405060708"
{{ range $index, $element := .JoinServer.KEK.Set }}
[[join_server.kek.set]]
label="{{ $element.Label }}"
kek="{{ $element.KEK }}"
{{ end }}
# Network-controller configuration.
[network_controller]
# hostname:port of the network-controller api server (optional)
server="{{ .NetworkController.Server }}"
# ca certificate used by the network-controller client (optional)
ca_cert="{{ .NetworkController.CACert }}"
# tls certificate used by the network-controller client (optional)
tls_cert="{{ .NetworkController.TLSCert }}"
# tls key used by the network-controller client (optional)
tls_key="{{ .NetworkController.TLSKey }}"
`

var configCmd = &cobra.Command{
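Review bot: The `resolve_join_eui` comment in the new `[join_server]` block does not tell an operator how a resolved join-server is authenticated, or that enabling it makes LoRa Server connect to hosts looked up from the JoinEUI under `resolve_domain_suffix`. The commit title says resolution is A record / https only, but the template never states it, and this page does not show which CA set applies when no `[[join_server.certificates]]` entry matches the JoinEUI. I would add a comment such as `# Resolved join-servers are contacted over https only; add a [[join_server.certificates]] entry to pin the CA for a given JoinEUI.` once that is confirmed against the pool code. The fallback sentence should also say whether a fallback is logged, because a failed lookup otherwise reroutes the join to the default join-server without any trace. The example comment reads "joinserver to to use"; drop the duplicated word.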
@@ -85,6 +85,8 @@ func init() {
viper.SetDefault("network_server.gateway.backend.mqtt.ack_topic_template", "gateway/+/ack")
viper.SetDefault("network_server.gateway.backend.mqtt.config_topic_template", "gateway/{{ .MAC }}/config")
viper.SetDefault("network_server.gateway.backend.mqtt.clean_session", true)
viper.SetDefault("join_server.resolve_domain_suffix", ".joineuis.lora-alliance.org")
viper.SetDefault("join_server.default.server", "http://localhost:8003")

viper.SetDefault("network_server.gateway.backend.gcp_pub_sub.uplink_retention_duration", time.Hour*24)

@@ -27,7 +27,6 @@ import (
"github.com/brocaar/loraserver/api/ns"
"github.com/brocaar/loraserver/internal/api"
"github.com/brocaar/loraserver/internal/api/client/asclient"
"github.com/brocaar/loraserver/internal/api/client/jsclient"
"github.com/brocaar/loraserver/internal/backend"
"github.com/brocaar/loraserver/internal/backend/controller"
"github.com/brocaar/loraserver/internal/backend/gateway/gcppubsub"
@@ -36,6 +35,7 @@ import (
"github.com/brocaar/loraserver/internal/config"
"github.com/brocaar/loraserver/internal/downlink"
"github.com/brocaar/loraserver/internal/gateway"
"github.com/brocaar/loraserver/internal/joinserver"
"github.com/brocaar/loraserver/internal/migrations"
"github.com/brocaar/loraserver/internal/migrations/code"
"github.com/brocaar/loraserver/internal/storage"
@@ -272,17 +272,11 @@ func setGeolocationServer() error {
}

func setJoinServer() error {
jsClient, err := jsclient.NewClient(
config.C.JoinServer.Default.Server,
config.C.JoinServer.Default.CACert,
config.C.JoinServer.Default.TLSCert,
config.C.JoinServer.Default.TLSKey,
)
var err error
config.C.JoinServer.Pool, err = joinserver.NewPool(config.C.JoinServer)
if err != nil {
return errors.Wrap(err, "create new join-server client error")
return errors.Wrap(err, "new join-server pool error")
}
config.C.JoinServer.Pool = jsclient.NewPool(jsClient)

return nil
}
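Review bot: In `setJoinServer`, the result of `joinserver.NewPool` is written straight into the global `config.C.JoinServer.Pool` before `err` is checked, so a failed call leaves whatever NewPool returned alongside the error in global state. Assigning through a local keeps the global untouched on failure: `pool, err := joinserver.NewPool(config.C.JoinServer)`, then `config.C.JoinServer.Pool = pool` after the `if err != nil` block. The call also hands the whole join-server config to the pool, which, judging by the template elsewhere in this commit, includes the KEK set. If the pool only needs the resolver and certificate settings, passing just those would keep key material out of it.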

@@ -546,52 +546,96 @@ get_downlink_data_delay="100ms"
tls_key=""


# Default join-server settings.
[join_server.default]
# hostname:port of the default join-server
# Join-server settings.
[join_server]
# Resolve JoinEUI (experimental).
#
# This API is provided by LoRa App Server.
server="http://localhost:8003"
# When set to true, LoRa Server will use the JoinEUI to resolve the join-server
# for the given JoinEUI. LoRa Server will fallback on the default join-server
# when resolving the JoinEUI fails.
resolve_join_eui=false

# Resolve domain suffix.
#
# This configures the domain suffix used for resolving the join-server.
resolve_domain_suffix=".joineuis.lora-alliance.org"

# ca certificate used by the default join-server client (optional)
ca_cert=""

# tls certificate used by the default join-server client (optional)
tls_cert=""
# Join-server certificates.
#
# Example:
# [[join_server.certificates]]
# # JoinEUI.
# #
# # The JoinEUI of the joinserver to to use the certificates for.
# join_eui="0102030405060708"

# tls key used by the default join-server client (optional)
tls_key=""
# # CA certificate (optional).
# #
# # Set this to validate the join-server server certificate (e.g. when the
# # certificate was self-signed).
# ca_cert="/path/to/ca.pem"

# # TLS client-certificate (optional).
# #
# # Set this to enable client-certificate authentication with the join-server.
# tls_cert="/path/to/tls_cert.pem"

# Join-server KEK set.
#
# These KEKs (Key Encryption Keys) are used to decrypt the network related
# session-keys received from the join-server on a (re)join-accept.
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
#
# Example (the [[join_server.kek.set]] can be repeated):
# [[join_server.kek.set]]
# # KEK label.
# label="000000"
# # TLS client-certificate key (optional).
# #
# # Set this to enable client-certificate authentication with the join-server.
# tls_key="/path/to/tls_key.pem"


# Default join-server settings.
#
# This join-server will be used when resolving the JoinEUI is set to false
# or as a fallback when resolving the JoinEUI fails.
[join_server.default]
# hostname:port of the default join-server
#
# This API is provided by LoRa App Server.
server="http://localhost:8003"

# ca certificate used by the default join-server client (optional)
ca_cert=""

# # Key Encryption Key.
# kek="01020304050607080102030405060708"
# tls certificate used by the default join-server client (optional)
tls_cert=""

# tls key used by the default join-server client (optional)
tls_key=""


# Join-server KEK set.
#
# These KEKs (Key Encryption Keys) are used to decrypt the network related
# session-keys received from the join-server on a (re)join-accept.
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
#
# Example (the [[join_server.kek.set]] can be repeated):
# [[join_server.kek.set]]
# # KEK label.
# label="000000"

# # Key Encryption Key.
# kek="01020304050607080102030405060708"


# Network-controller configuration.
[network_controller]
# hostname:port of the network-controller api server (optional)
server=""
# Network-controller configuration.
[network_controller]
# hostname:port of the network-controller api server (optional)
server=""

# ca certificate used by the network-controller client (optional)
ca_cert=""
# ca certificate used by the network-controller client (optional)
ca_cert=""

# tls certificate used by the network-controller client (optional)
tls_cert=""
# tls certificate used by the network-controller client (optional)
tls_cert=""

# tls key used by the network-controller client (optional)
tls_key=""
# tls key used by the network-controller client (optional)
tls_key=""
{{< /highlight >}}

## Securing the network-server API

This file was deleted.

@@ -8,11 +8,11 @@ import (
"github.com/brocaar/loraserver/api/geo"
"github.com/brocaar/loraserver/api/nc"
"github.com/brocaar/loraserver/internal/api/client/asclient"
"github.com/brocaar/loraserver/internal/api/client/jsclient"
"github.com/brocaar/loraserver/internal/backend"
"github.com/brocaar/loraserver/internal/backend/gateway/gcppubsub"
"github.com/brocaar/loraserver/internal/backend/gateway/mqtt"
"github.com/brocaar/loraserver/internal/common"
"github.com/brocaar/loraserver/internal/joinserver"
"github.com/brocaar/lorawan"
"github.com/brocaar/lorawan/band"
)
@@ -123,23 +123,7 @@ type Config struct {
TLSKey string `mapstructure:"tls_key"`
} `mapstructure:"geolocation_server"`

JoinServer struct {
Pool jsclient.Pool

Default struct {
Server string
CACert string `mapstructure:"ca_cert"`
TLSCert string `mapstructure:"tls_cert"`
TLSKey string `mapstructure:"tls_key"`
}

KEK struct {
Set []struct {
Label string
KEK string `mapstructure:"kek"`
}
} `mapstructure:"kek"`
} `mapstructure:"join_server"`
JoinServer joinserver.Config `mapstructure:"join_server"`

ApplicationServer struct {
Pool asclient.Pool
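Review bot: Replacing the inline `JoinServer` struct with `joinserver.Config` moves every `mapstructure` tag (`ca_cert`, `tls_cert`, `tls_key`, `kek`) out of this file, and the new type is not shown on this page. If one of those tags, or a tag for the new `resolve_join_eui`, `resolve_domain_suffix` or `certificates` keys, is missing or misspelled there, the field would keep its zero value without any error. That would presumably leave a join-server client without its CA or client certificate. A small test that unmarshals a sample `[join_server]` section into `Config` and asserts each field would catch this. The `Config` struct starts before and continues after this hunk.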
