From bd8b3891bd03be90b1418b073b474a8e2685c228 Mon Sep 17 00:00:00 2001
From: Aliaksei Zhuk
Date: Thu, 2 Mar 2023 18:53:36 +0300
Subject: [PATCH] Forbid setting empty prefixes for RedisSecurityStore
---
 .../RedisSecureIntegrationTestHelper.java | 2 +-
 .../leshan/server/demo/LeshanServerDemo.java | 10 ++--
 .../server/redis/RedisSecurityStore.java | 50 ++++++++++++-------
 3 files changed, 38 insertions(+), 24 deletions(-)
diff --git a/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/util/RedisSecureIntegrationTestHelper.java b/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/util/RedisSecureIntegrationTestHelper.java
index e907752519..eb472e64d0 100644
--- a/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/util/RedisSecureIntegrationTestHelper.java
+++ b/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/util/RedisSecureIntegrationTestHelper.java
@@ -34,7 +34,7 @@ protected SecurityStore createSecurityStore() {
 } else {
 jedis = new JedisPool();
 }
- securityStore = new RedisSecurityStore.Builder(jedis).build();
+ securityStore = new RedisSecurityStore(jedis);
 return securityStore;
 }
 }
diff --git a/leshan-server-demo/src/main/java/org/eclipse/leshan/server/demo/LeshanServerDemo.java b/leshan-server-demo/src/main/java/org/eclipse/leshan/server/demo/LeshanServerDemo.java
index e521dbc74c..94f4234c32 100644
--- a/leshan-server-demo/src/main/java/org/eclipse/leshan/server/demo/LeshanServerDemo.java
+++ b/leshan-server-demo/src/main/java/org/eclipse/leshan/server/demo/LeshanServerDemo.java
@@ -34,7 +34,7 @@
 import org.eclipse.californium.elements.util.CertPathUtil;
 import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConfig.DtlsRole;
-import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.webapp.WebAppContext;
@@ -162,7 +162,7 @@ public static LeshanServer createLeshanServer(LeshanServerDemoCLI cli) throws Ex
 securityStore = new FileSecurityStore();
 } else {
 // use Redis Store
- securityStore = new RedisSecurityStore.Builder(cli.main.redis).build();
+ securityStore = new RedisSecurityStore(cli.main.redis);
 builder.setRegistrationStore(new RedisRegistrationStore(cli.main.redis));
 }
 builder.setSecurityStore(securityStore);
@@ -190,10 +190,8 @@ public CaliforniumServerEndpointFactory createDefaultEndpointFactory(URI uri) {
 return new CoapsServerEndpointFactory(uri) {
 @Override
- protected DtlsConnectorConfig.Builder createDtlsConnectorConfigBuilder(
- Configuration endpointConfiguration) {
- DtlsConnectorConfig.Builder dtlsConfigBuilder = super.createDtlsConnectorConfigBuilder(
- endpointConfiguration);
+ protected Builder createDtlsConnectorConfigBuilder(Configuration endpointConfiguration) {
+ Builder dtlsConfigBuilder = super.createDtlsConnectorConfigBuilder(endpointConfiguration);
 // Add MDC for connection logs
 if (cli.helpsOptions.getVerboseLevel() > 0)
diff --git a/leshan-server-redis/src/main/java/org/eclipse/leshan/server/redis/RedisSecurityStore.java b/leshan-server-redis/src/main/java/org/eclipse/leshan/server/redis/RedisSecurityStore.java
index 3d90686723..0dfa20ec5c 100644
--- a/leshan-server-redis/src/main/java/org/eclipse/leshan/server/redis/RedisSecurityStore.java
+++ b/leshan-server-redis/src/main/java/org/eclipse/leshan/server/redis/RedisSecurityStore.java
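Review bot: Importing the nested class as a bare `Builder` makes the override in the third hunk of this file harder to read, because `protected Builder createDtlsConnectorConfigBuilder(...)` no longer says which builder it returns in a file that also configures a server `builder`. Keeping `import org.eclipse.californium.scandium.config.DtlsConnectorConfig;` and the qualified `DtlsConnectorConfig.Builder` avoids that, and it keeps this DTLS-side reformatting out of a commit about Redis key prefixes. The anonymous class body continues past the end of that hunk.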
@@ -49,7 +49,11 @@ public class RedisSecurityStore implements EditableSecurityStore {
 private final List listeners = new CopyOnWriteArrayList<>();
- private RedisSecurityStore(Builder builder) {
+ public RedisSecurityStore(Pool pool) {
+ this(new Builder(pool));
+ }
+
+ protected RedisSecurityStore(Builder builder) {
 this.pool = builder.pool;
 this.securityInfoByEndpointPrefix = builder.securityInfoByEndpointPrefix;
 this.endpointByPskIdKey = builder.endpointByPskIdKey;
@@ -186,29 +190,24 @@ public static class Builder {
 private String prefix;
- /**
- * Set the Redis connection pool for the {@link RedisSecurityStore}.
- */
- public void setPool(Pool pool) {
- this.pool = pool;
- }
-
 /**
 * Set the key prefix for security info lookup by endpoint.
 *
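Review bot: The new `public RedisSecurityStore(Pool pool)` hands a fresh `Builder` straight to the protected constructor, which copies `builder.securityInfoByEndpointPrefix` and `builder.endpointByPskIdKey` as they are, so this path never runs the `build()` step that validates them and prepends `prefix`. If the `Builder` constructor (not shown in this hunk) sets the documented defaults, `new RedisSecurityStore(pool)` would use `SEC#EP#` and `EP#PSKID` while the replaced `new Builder(pool).build()` used `SECSTORE#SEC#EP#` and `SECSTORE#EP#PSKID`; credentials already stored under the prefixed keys would then no longer be found, and both call sites changed in this commit switch to the new constructor. The same gap lets a subclass pass a builder with empty or equal keys now that the constructor is `protected`. Moving the validation and prefixing into one private step that the protected constructor itself calls would make every construction path produce the same key names; the constructor body continues outside the hunk.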

- * Default value is {@literal SEC#EP#}.
+ * Default value is {@literal SEC#EP#}. Should not be {@code null} or empty.
 */
- public void setSecurityInfoByEndpointPrefix(String securityInfoByEndpointPrefix) {
+ public Builder setSecurityInfoByEndpointPrefix(String securityInfoByEndpointPrefix) {
 this.securityInfoByEndpointPrefix = securityInfoByEndpointPrefix;
+ return this;
 }
 /**
 * Set the key for endpoint lookup by PSK identity.
 *

- * Default value is {@literal EP#PSKID}.
+ * Default value is {@literal EP#PSKID}. Should not be {@code null} or empty.
 */
- public void setEndpointByPskIdKey(String endpointByPskIdKey) {
+ public Builder setEndpointByPskIdKey(String endpointByPskIdKey) {
 this.endpointByPskIdKey = endpointByPskIdKey;
+ return this;
 }
 /**
@@ -217,8 +216,9 @@ public void setEndpointByPskIdKey(String endpointByPskIdKey) {
 *

* Default value is {@literal SECSTORE#}.
 */
- public void setPrefix(String prefix) {
+ public Builder setPrefix(String prefix) {
 this.prefix = prefix;
+ return this;
 }
 public Builder(Pool pool) {
@@ -231,11 +231,27 @@ public Builder(Pool pool) {
 /**
 * Create the {@link RedisSecurityStore}.
 *
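Review bot: The Javadoc of `setPrefix` still only gives the default, although the `build()` in this patch treats a `null` prefix as "no prefix" and does not reject an empty one, unlike the two other setters. I would state that explicitly, e.g. `May be {@code null} or empty, in which case keys are stored without a common prefix.`, so the difference from `setSecurityInfoByEndpointPrefix` and `setEndpointByPskIdKey` reads as intentional. The Javadoc block starts outside the hunk.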

- * @return the Redis security store.
+ * Throws {@link IllegalArgumentException} when {@link #securityInfoByEndpointPrefix} or
+ * {@link #endpointByPskIdKey} are not set or are equal to each other.
 */
- public RedisSecurityStore build() {
- this.securityInfoByEndpointPrefix = this.prefix + this.securityInfoByEndpointPrefix;
- this.endpointByPskIdKey = this.prefix + this.endpointByPskIdKey;
+ public RedisSecurityStore build() throws IllegalArgumentException {
+ if (this.securityInfoByEndpointPrefix == null || this.securityInfoByEndpointPrefix.isEmpty()) {
+ throw new IllegalArgumentException("securityInfoByEndpointPrefix should not be empty");
+ }
+
+ if (this.endpointByPskIdKey == null || this.endpointByPskIdKey.isEmpty()) {
+ throw new IllegalArgumentException("endpointByPskIdKey should not be empty");
+ }
+
+ if (this.securityInfoByEndpointPrefix.equals(this.endpointByPskIdKey)) {
+ throw new IllegalArgumentException(
+ "securityInfoByEndpointPrefix should not be equal to endpointByPskIdKey");
+ }
+
+ if (this.prefix != null) {
+ this.securityInfoByEndpointPrefix = this.prefix + this.securityInfoByEndpointPrefix;
+ this.endpointByPskIdKey = this.prefix + this.endpointByPskIdKey;
+ }
 return new RedisSecurityStore(this);
 }
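Review bot: The `equals` check only rejects identical strings, but one value is a key prefix and the other a complete key, so an `endpointByPskIdKey` that merely starts with `securityInfoByEndpointPrefix` can still land in the same key space as a per-endpoint entry. Assuming per-endpoint keys are formed as prefix plus endpoint name (that code is outside this hunk), a stricter guard would be `if (this.endpointByPskIdKey.startsWith(this.securityInfoByEndpointPrefix))`, which also covers the equal case. Separately, `build()` writes the prefixed values back into the builder's own fields, so a second `build()` on the same builder prepends `prefix` twice; computing the final key names without overwriting the values set through the setters would avoid that. The Javadoc also lost its `@return` line, and the exception would read better as an `@throws IllegalArgumentException` tag than as prose.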