Simon,
regarding your usage of the PublicKey:
Am I right in assuming that you keep a Map<InetSocketAddress, PublicKey> which you use to verify that a LWM2M client’s endpoint address matches
the (pre-)registered PublicKey?
If this is the case, couldn’t you simply use a Map<InetSocketAddress, String> where you use the Principal.getName() as the value? At least this
is how the CoAP spec envisions the usage of RawPublicKeys, using a hash of the SubjectInfo structure as defined by RFC 6920 [1]. This is exactly what RawPublicKeyIdentity.getName() returns …
Or are you doing any cryptographic verification based on the PublicKey?
[1] http://tools.ietf.org/html/rfc6920
Regards,
Kai
From: leshan-dev-bounces@xxxxxxxxxxx
[mailto:leshan-dev-bounces@xxxxxxxxxxx] On Behalf Of Simon Bernard
Sent: Wednesday, April 29, 2015 11:49 AM
To: leshan developer discussions
Subject: Re: [leshan-dev] Time for a milestone release
Ok I did the modification. It's ok now.
Thx a lot Kai !
(About the use of the PublicKey we just need it to verify if the couple client endpoint/publickey is valid. To avoid that a client which has a good public/private key at dtls level can usurp the identity of another client. We use the class PublicKey as it seems
a good java abstraction for public key, we could also use a byte[] but is not so clear cause of the different key encoding formats)