Cf-2.5.0 : remove usage of deprecated PskStore

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java

@@ -39,7 +39,7 @@
 import org.eclipse.californium.scandium.dtls.DTLSSession;
 import org.eclipse.californium.scandium.dtls.HandshakeException;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
-import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
+import org.eclipse.californium.scandium.dtls.pskstore.AdvancedSinglePskStore;
 import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
 import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
 import org.eclipse.leshan.client.EndpointsManager;
@@ -99,8 +99,8 @@ public synchronized ServerIdentity createEndpoint(ServerInfo serverInfo) {
 
             // Support PSK
             if (serverInfo.secureMode == SecurityMode.PSK) {
-                StaticPskStore staticPskStore = new StaticPskStore(serverInfo.pskId, serverInfo.pskKey);
-                newBuilder.setPskStore(staticPskStore);
+                AdvancedSinglePskStore staticPskStore = new AdvancedSinglePskStore(serverInfo.pskId, serverInfo.pskKey);
+                newBuilder.setAdvancedPskStore(staticPskStore);
                 serverIdentity = Identity.psk(serverInfo.getAddress(), serverInfo.pskId);
                 filterCipherSuites(newBuilder, dtlsConfigbuilder.getIncompleteConfig().getSupportedCipherSuites(), true,
                         false);

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/SecurityObjectPskStore.java

@@ -41,7 +41,10 @@
 
 /**
  * a {@link PskStore} which search PSK credentials in Lwm2m Security object.
+ * 
+ * @deprecated this is no more used CaliforniumEndpointsManager is responsible to create {@link PskStore}.
  */
+@Deprecated
 public class SecurityObjectPskStore implements PskStore {
     private static final Logger LOG = LoggerFactory.getLogger(SecurityObjectPskStore.class);
 

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/SecureIntegrationTestHelper.java

@@ -47,9 +47,10 @@
 import org.eclipse.californium.scandium.DTLSConnector;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder;
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.PskPublicInformation;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
-import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
+import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
 import org.eclipse.leshan.client.californium.LeshanClientBuilder;
 import org.eclipse.leshan.client.object.Device;
 import org.eclipse.leshan.client.object.Security;
@@ -235,13 +236,13 @@ public CoapEndpoint createSecuredEndpoint(DtlsConnectorConfig dtlsConfig, Networ
                 Builder dtlsConfigBuilder = new Builder(dtlsConfig);
 
                 // tricks to be able to change psk information on the fly
-                @SuppressWarnings("deprecation")
-                PskStore pskStore = dtlsConfig.getPskStore();
+                AdvancedPskStore pskStore = dtlsConfig.getAdvancedPskStore();
                 if (pskStore != null) {
-                    PskPublicInformation identity = pskStore.getIdentity(null);
-                    SecretKey key = pskStore.getKey(identity);
+                    PskPublicInformation identity = pskStore.getIdentity(null, null);
+                    SecretKey key = pskStore
+                            .requestPskSecretResult(ConnectionId.EMPTY, null, identity, null, null, null).getSecret();
                     singlePSKStore = new SinglePSKStore(identity, key);
-                    dtlsConfigBuilder.setPskStore(singlePSKStore);
+                    dtlsConfigBuilder.setAdvancedPskStore(singlePSKStore);
                 }
                 builder.setConnector(new DTLSConnector(dtlsConfigBuilder.build()));
                 builder.setNetworkConfig(coapConfig);

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/SinglePSKStore.java

@@ -19,12 +19,14 @@
 
 import javax.crypto.SecretKey;
 
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.PskPublicInformation;
-import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
+import org.eclipse.californium.scandium.dtls.PskSecretResult;
+import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
 import org.eclipse.californium.scandium.util.SecretUtil;
 import org.eclipse.californium.scandium.util.ServerNames;
 
-public class SinglePSKStore implements PskStore {
+public class SinglePSKStore implements AdvancedPskStore {
 
     private PskPublicInformation identity;
     private SecretKey key;
@@ -40,24 +42,26 @@ public SinglePSKStore(PskPublicInformation identity, SecretKey key) {
     }
 
     @Override
-    public SecretKey getKey(PskPublicInformation identity) {
-        return SecretUtil.create(key);
+    public boolean hasEcdhePskSupported() {
+        return true;
     }
 
     @Override
-    public SecretKey getKey(ServerNames serverName, PskPublicInformation identity) {
-        // we do not support SNI
-        return getKey(identity);
+    public PskSecretResult requestPskSecretResult(ConnectionId cid, ServerNames serverName,
+            PskPublicInformation identity, String hmacAlgorithm, SecretKey otherSecret, byte[] seed) {
+        SecretKey pskSecret = SecretUtil.create(key);
+        return new PskSecretResult(cid, identity, pskSecret);
     }
 
     @Override
-    public PskPublicInformation getIdentity(InetSocketAddress inetAddress) {
-        return identity;
+    public void setResultHandler(
+            @SuppressWarnings("deprecation") org.eclipse.californium.scandium.dtls.PskSecretResultHandler resultHandler) {
+        // we don't use async mode.
     }
 
     @Override
     public PskPublicInformation getIdentity(InetSocketAddress peerAddress, ServerNames virtualHost) {
-        throw new UnsupportedOperationException();
+        return identity;
     }
 
     public void setKey(byte[] key) {

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/LeshanServerBuilder.java

@@ -446,7 +446,7 @@ public LeshanServer build() {
                 LOG.warn(
                         "PskStore should be automatically set by Leshan. Using a custom implementation is not advised.");
             } else if (securityStore != null) {
-                dtlsConfigBuilder.setPskStore(new LwM2mPskStore(this.securityStore, registrationStore));
+                dtlsConfigBuilder.setAdvancedPskStore(new LwM2mAdvancedPskStore(this.securityStore, registrationStore));
             }
 
             // Handle secure address

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/LwM2mAdvancedPskStore.java

@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright (c) 2013-2015 Sierra Wireless and others.
+ * 
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v2.0
+ * and Eclipse Distribution License v1.0 which accompany this distribution.
+ * 
+ * The Eclipse Public License is available at
+ *    http://www.eclipse.org/legal/epl-v20.html
+ * and the Eclipse Distribution License is available at
+ *    http://www.eclipse.org/org/documents/edl-v10.html.
+ * 
+ * Contributors:
+ *     Sierra Wireless - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.leshan.server.californium;
+
+import java.net.InetSocketAddress;
+
+import javax.crypto.SecretKey;
+
+import org.eclipse.californium.scandium.dtls.ConnectionId;
+import org.eclipse.californium.scandium.dtls.PskPublicInformation;
+import org.eclipse.californium.scandium.dtls.PskSecretResult;
+import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
+import org.eclipse.californium.scandium.util.SecretUtil;
+import org.eclipse.californium.scandium.util.ServerNames;
+import org.eclipse.leshan.server.registration.Registration;
+import org.eclipse.leshan.server.registration.RegistrationStore;
+import org.eclipse.leshan.server.security.SecurityInfo;
+import org.eclipse.leshan.server.security.SecurityStore;
+
+/**
+ * A {@link AdvancedPskStore} which retrieve PSK information from Leshan {@link SecurityStore}.
+ * 
+ * @since 1.3.0
+ */
+public class LwM2mAdvancedPskStore implements AdvancedPskStore {
+
+    private SecurityStore securityStore;
+    private RegistrationStore registrationStore;
+
+    public LwM2mAdvancedPskStore(SecurityStore securityStore) {
+        this(securityStore, null);
+    }
+
+    public LwM2mAdvancedPskStore(SecurityStore securityStore, RegistrationStore registrationStore) {
+        this.securityStore = securityStore;
+        this.registrationStore = registrationStore;
+    }
+
+    @Override
+    public boolean hasEcdhePskSupported() {
+        return true;
+    }
+
+    @Override
+    public PskSecretResult requestPskSecretResult(ConnectionId cid, ServerNames serverName,
+            PskPublicInformation identity, String hmacAlgorithm, SecretKey otherSecret, byte[] seed) {
+        if (securityStore == null)
+            return null;
+
+        SecurityInfo info = securityStore.getByIdentity(identity.getPublicInfoAsString());
+        if (info == null || info.getPreSharedKey() == null) {
+            return new PskSecretResult(cid, identity, null);
+        } else {
+            // defensive copy
+            return new PskSecretResult(cid, identity, SecretUtil.create(info.getPreSharedKey(), "PSK"));
+        }
+    }
+
+    @Override
+    public void setResultHandler(
+            @SuppressWarnings("deprecation") org.eclipse.californium.scandium.dtls.PskSecretResultHandler resultHandler) {
+        // we don't use async mode.
+    }
+
+    @Override
+    public PskPublicInformation getIdentity(InetSocketAddress peerAddress, ServerNames virtualHost) {
+        if (registrationStore == null)
+            return null;
+
+        Registration registration = registrationStore.getRegistrationByAdress(peerAddress);
+        if (registration != null) {
+            SecurityInfo securityInfo = securityStore.getByEndpoint(registration.getEndpoint());
+            if (securityInfo != null) {
+                return new PskPublicInformation(securityInfo.getIdentity());
+            }
+            return null;
+        }
+        return null;
+    }
+}

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/LwM2mPskStore.java

@@ -30,7 +30,10 @@
 
 /**
  * A {@link PskStore} which retrieve PSK information from Leshan {@link SecurityStore}.
+ * 
+ * @deprecated use {@link LwM2mAdvancedPskStore} instead
  */
+@Deprecated
 public class LwM2mPskStore implements PskStore {
 
     private SecurityStore securityStore;

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/bootstrap/LeshanBootstrapServerBuilder.java

@@ -447,7 +447,7 @@ public BootstrapHandler create(BootstrapConfigStore store, LwM2mBootstrapRequest
                 LOG.warn(
                         "PskStore should be automatically set by Leshan. Using a custom implementation is not advised.");
             } else if (securityStore != null) {
-                dtlsConfigBuilder.setPskStore(new LwM2mBootstrapPskStore(securityStore));
+                dtlsConfigBuilder.setAdvancedPskStore(new LwM2mAdvancedBootstrapPskStore(securityStore));
             }
 
             // Handle secure address

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/bootstrap/LwM2mAdvancedBootstrapPskStore.java

@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright (c) 2013-2015 Sierra Wireless and others.
+ * 
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v2.0
+ * and Eclipse Distribution License v1.0 which accompany this distribution.
+ * 
+ * The Eclipse Public License is available at
+ *    http://www.eclipse.org/legal/epl-v20.html
+ * and the Eclipse Distribution License is available at
+ *    http://www.eclipse.org/org/documents/edl-v10.html.
+ * 
+ * Contributors:
+ *     Sierra Wireless - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.leshan.server.californium.bootstrap;
+
+import java.net.InetSocketAddress;
+
+import javax.crypto.SecretKey;
+
+import org.eclipse.californium.scandium.dtls.ConnectionId;
+import org.eclipse.californium.scandium.dtls.PskPublicInformation;
+import org.eclipse.californium.scandium.dtls.PskSecretResult;
+import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
+import org.eclipse.californium.scandium.util.SecretUtil;
+import org.eclipse.californium.scandium.util.ServerNames;
+import org.eclipse.leshan.server.security.BootstrapSecurityStore;
+import org.eclipse.leshan.server.security.SecurityInfo;
+
+/**
+ * an {@link AdvancedPskStore} to feed a Bootstrap server.
+ * 
+ * Only supports getting the PSK key for a given identity. (Getting identity from IP only makes sense when we initiate
+ * DTLS Connection) side.)
+ * 
+ * @since 1.3.0
+ */
+public class LwM2mAdvancedBootstrapPskStore implements AdvancedPskStore {
+
+    private BootstrapSecurityStore bsSecurityStore;
+
+    public LwM2mAdvancedBootstrapPskStore(BootstrapSecurityStore bsSecurityStore) {
+        this.bsSecurityStore = bsSecurityStore;
+    }
+
+    @Override
+    public boolean hasEcdhePskSupported() {
+        return true;
+    }
+
+    @Override
+    public PskSecretResult requestPskSecretResult(ConnectionId cid, ServerNames serverName,
+            PskPublicInformation identity, String hmacAlgorithm, SecretKey otherSecret, byte[] seed) {
+        SecurityInfo info = bsSecurityStore.getByIdentity(identity.getPublicInfoAsString());
+        if (info == null || info.getPreSharedKey() == null) {
+            return new PskSecretResult(cid, identity, null);
+        } else {
+            // defensive copy
+            return new PskSecretResult(cid, identity, SecretUtil.create(info.getPreSharedKey(), "PSK"));
+        }
+
+    }
+
+    @Override
+    public void setResultHandler(
+            @SuppressWarnings("deprecation") org.eclipse.californium.scandium.dtls.PskSecretResultHandler resultHandler) {
+        // we don't use async mode.
+    }
+
+    @Override
+    public PskPublicInformation getIdentity(InetSocketAddress peerAddress, ServerNames virtualHost) {
+        throw new UnsupportedOperationException("Getting PSK Id by IP addresss dos not make sense on BS server side.");
+    }
+}

leshan-server-cf/src/main/java/org/eclipse/leshan/server/californium/bootstrap/LwM2mBootstrapPskStore.java

@@ -31,7 +31,10 @@
  * 
  * Only supports getting the PSK key for a given identity. (Getting identity from IP only makes sense when we initiate
  * DTLS Connection) side.)
+ * 
+ * @deprecated used {@link LwM2mAdvancedBootstrapPskStore} instead
  */
+@Deprecated
 public class LwM2mBootstrapPskStore implements PskStore {
 
     private BootstrapSecurityStore bsSecurityStore;