LeshanClient: Add initial trust store support.

Trust store is needed for initial bootstrapping and for certificate usage modes
where configured trust store is utilized.

Signed-off-by: Vesa Jääskeläinen <dachaac@gmail.com>

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.java

@@ -60,16 +60,26 @@ public class CaliforniumEndpointsManager implements EndpointsManager {
     protected CoapEndpoint currentEndpoint;
 
     protected Builder dtlsConfigbuilder;
+    protected List<Certificate> trustStore;
     protected NetworkConfig coapConfig;
     protected InetSocketAddress localAddress;
     protected CoapServer coapServer;
     protected EndpointFactory endpointFactory;
 
     public CaliforniumEndpointsManager(InetSocketAddress localAddress, NetworkConfig coapConfig,
             Builder dtlsConfigBuilder, EndpointFactory endpointFactory) {
+        this(localAddress, coapConfig, dtlsConfigBuilder, null, endpointFactory);
+    }
+
+    /**
+     * @since 2.0
+     */
+    public CaliforniumEndpointsManager(InetSocketAddress localAddress, NetworkConfig coapConfig,
+            Builder dtlsConfigBuilder, List<Certificate> trustStore, EndpointFactory endpointFactory) {
         this.localAddress = localAddress;
         this.coapConfig = coapConfig;
         this.dtlsConfigbuilder = dtlsConfigBuilder;
+        this.trustStore = trustStore;
         this.endpointFactory = endpointFactory;
     }
 

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/LeshanClient.java

@@ -16,6 +16,7 @@
 package org.eclipse.leshan.client.californium;
 
 import java.net.InetSocketAddress;
+import java.security.cert.Certificate;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ScheduledExecutorService;
@@ -83,6 +84,16 @@ public LeshanClient(String endpoint, InetSocketAddress localAddress,
             EndpointFactory endpointFactory, RegistrationEngineFactory engineFactory,
             Map<String, String> additionalAttributes, Map<String, String> bsAdditionalAttributes,
             LwM2mNodeEncoder encoder, LwM2mNodeDecoder decoder, ScheduledExecutorService sharedExecutor) {
+        this(endpoint, localAddress, objectEnablers, coapConfig, dtlsConfigBuilder, null, endpointFactory,
+                engineFactory, additionalAttributes, bsAdditionalAttributes, encoder, decoder, sharedExecutor);
+    }
+
+    /** @since 2.0 */
+    public LeshanClient(String endpoint, InetSocketAddress localAddress,
+            List<? extends LwM2mObjectEnabler> objectEnablers, NetworkConfig coapConfig, Builder dtlsConfigBuilder, List<Certificate> trustStore,
+            EndpointFactory endpointFactory, RegistrationEngineFactory engineFactory,
+            Map<String, String> additionalAttributes, Map<String, String> bsAdditionalAttributes,
+            LwM2mNodeEncoder encoder, LwM2mNodeDecoder decoder, ScheduledExecutorService sharedExecutor) {
 
         Validate.notNull(endpoint);
         Validate.notEmpty(objectEnablers);
@@ -91,7 +102,7 @@ public LeshanClient(String endpoint, InetSocketAddress localAddress,
         objectTree = createObjectTree(objectEnablers);
         observers = createClientObserverDispatcher();
         bootstrapHandler = createBoostrapHandler(objectTree);
-        endpointsManager = createEndpointsManager(localAddress, coapConfig, dtlsConfigBuilder, endpointFactory);
+        endpointsManager = createEndpointsManager(localAddress, coapConfig, dtlsConfigBuilder, trustStore, endpointFactory);
         requestSender = createRequestSender(endpointsManager, sharedExecutor);
         engine = engineFactory.createRegistratioEngine(endpoint, objectTree, endpointsManager, requestSender,
                 bootstrapHandler, observers, additionalAttributes, bsAdditionalAttributes, sharedExecutor);
@@ -178,8 +189,8 @@ protected CoapResource createBootstrapResource(RegistrationEngine engine, Bootst
     }
 
     protected CaliforniumEndpointsManager createEndpointsManager(InetSocketAddress localAddress,
-            NetworkConfig coapConfig, Builder dtlsConfigBuilder, EndpointFactory endpointFactory) {
-        return new CaliforniumEndpointsManager(localAddress, coapConfig, dtlsConfigBuilder, endpointFactory);
+            NetworkConfig coapConfig, Builder dtlsConfigBuilder, List<Certificate> trustStore, EndpointFactory endpointFactory) {
+        return new CaliforniumEndpointsManager(localAddress, coapConfig, dtlsConfigBuilder, trustStore, endpointFactory);
     }
 
     protected CaliforniumLwM2mRequestSender createRequestSender(CaliforniumEndpointsManager endpointsManager,

leshan-client-cf/src/main/java/org/eclipse/leshan/client/californium/LeshanClientBuilder.java

@@ -16,6 +16,7 @@
 package org.eclipse.leshan.client.californium;
 
 import java.net.InetSocketAddress;
+import java.security.cert.Certificate;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ScheduledExecutorService;
@@ -61,6 +62,7 @@ public class LeshanClientBuilder {
 
     private NetworkConfig coapConfig;
     private Builder dtlsConfigBuilder;
+    private List<Certificate> trustStore;
 
     private LwM2mNodeEncoder encoder;
     private LwM2mNodeDecoder decoder;
@@ -156,6 +158,15 @@ public LeshanClientBuilder setDtlsConfig(DtlsConnectorConfig.Builder config) {
         return this;
     }
 
+    /**
+     * Set optional trust store for verifying X.509 server certificates.
+     * @param trustStore List of trusted CA certificates
+     */
+    public LeshanClientBuilder setTrustStore(List<Certificate> trustStore) {
+        this.trustStore = trustStore;
+        return this;
+    }
+
     /**
      * Advanced setter used to create custom CoAP endpoint.
      * <p>
@@ -309,7 +320,7 @@ protected Connector createSecuredConnector(DtlsConnectorConfig dtlsConfig) {
         }
 
         return createLeshanClient(endpoint, localAddress, objectEnablers, coapConfig, dtlsConfigBuilder,
-                endpointFactory, engineFactory, additionalAttributes, encoder, decoder, executor);
+                this.trustStore, endpointFactory, engineFactory, additionalAttributes, encoder, decoder, executor);
     }
 
     /**
@@ -326,6 +337,7 @@ protected Connector createSecuredConnector(DtlsConnectorConfig dtlsConfig) {
      *        client.
      * @param coapConfig The coap config used to create {@link CoapEndpoint} and {@link CoapServer}.
      * @param dtlsConfigBuilder The dtls config used to create the {@link DTLSConnector}.
+     * @param trustStore The optional trust store for verifying X.509 server certificates.
      * @param endpointFactory The factory which will create the {@link CoapEndpoint}.
      * @param engineFactory The factory which will create the {@link RegistrationEngine}.
      * @param additionalAttributes Some extra (out-of-spec) attributes to add to the register request.
@@ -337,10 +349,11 @@ protected Connector createSecuredConnector(DtlsConnectorConfig dtlsConfig) {
      */
     protected LeshanClient createLeshanClient(String endpoint, InetSocketAddress localAddress,
             List<? extends LwM2mObjectEnabler> objectEnablers, NetworkConfig coapConfig, Builder dtlsConfigBuilder,
-            EndpointFactory endpointFactory, RegistrationEngineFactory engineFactory,
+            List<Certificate> trustStore, EndpointFactory endpointFactory, RegistrationEngineFactory engineFactory,
             Map<String, String> additionalAttributes, LwM2mNodeEncoder encoder, LwM2mNodeDecoder decoder,
             ScheduledExecutorService sharedExecutor) {
-        return new LeshanClient(endpoint, localAddress, objectEnablers, coapConfig, dtlsConfigBuilder, endpointFactory,
-                engineFactory, additionalAttributes, bsAdditionalAttributes, encoder, decoder, executor);
+        return new LeshanClient(endpoint, localAddress, objectEnablers, coapConfig, dtlsConfigBuilder, trustStore,
+                endpointFactory, engineFactory, additionalAttributes, bsAdditionalAttributes, encoder, decoder,
+                executor);
     }
 }