Use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

The class SecurityProviderX509Test, method getSslContextThrowsOnNullIntermediates:

    // A null collection of intermediate certificates is rejected with IllegalArgumentException.
    @Test(expected = IllegalArgumentException.class)
    public void getSslContextThrowsOnNullIntermediates() throws SecurityProviderException, KeyManagementException, KeyStoreException {
        // arrange
        SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, null);

        // act
        securityClientX509Test.getSSLContext();
    }
The class SecurityProviderX509Test, method getSslContextSucceeds:

    // SRS_SecurityClientX509_25_002: [ This method shall generate the SSL context. ]
    // SRS_SecurityClientX509_25_007: [ This method shall use a random UUID as the password for the keystore. ]
    // SRS_SecurityClientX509_25_008: [ This method shall create a TLSv1.2 instance. ]
    // SRS_SecurityClientX509_25_009: [ This method shall retrieve the keystore loaded with trusted certs. ]
    // SRS_SecurityClientX509_25_010: [ This method shall load all the provided X509 certs (the leaf with both public certificate and private key,
    //                                  and the intermediate certificates, if any) into the keystore. ]
    // SRS_SecurityClientX509_25_011: [ This method shall initialize the SSL context with the X509KeyManager and X509TrustManager for the keystore. ]
    // SRS_SecurityClientX509_25_012: [ This method shall return the SSL context created as above to the caller. ]
    // SRS_SecurityClient_25_001: [ This method shall retrieve the default instance of keystore using the default algorithm type. ]
    // SRS_SecurityClient_25_002: [ This method shall retrieve the default CertificateFactory instance. ]
    // SRS_SecurityClient_25_003: [ This method shall load all the trusted certificates into the keystore. ]
    @Test
    public void getSslContextSucceeds() throws SecurityProviderException, KeyManagementException, KeyStoreException {
        // arrange
        Collection<X509Certificate> certificates = new LinkedList<>();
        certificates.add(mockedX509Certificate);
        SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, certificates);

        // JMockit: the mocked factories hand back X509-typed managers, so the type checks inside getSSLContext pass
        new NonStrictExpectations() {
            {
                mockedKeyManagerFactory.getKeyManagers();
                result = mockedX509KeyManager;
                mockedTrustManagerFactory.getTrustManagers();
                result = mockedX509TrustManager;
            }
        };

        // act
        securityClientX509Test.getSSLContext();

        // assert: the private key is stored exactly once and the SSL context is initialized exactly once
        new Verifications() {
            {
                mockedKeyStore.setKeyEntry(anyString, mockedKey, (char[]) any, (X509Certificate[]) any);
                times = 1;
                mockedSslContext.init((KeyManager[]) any, (TrustManager[]) any, (SecureRandom) any);
                times = 1;
            }
        };
    }
The class SecurityProviderX509Test, method getSslContextThrowsIfX509KeyManagerNotFound:

    // SRS_SecurityClientX509_25_005: [ This method shall throw SecurityProviderException if the X509 Key Manager is not found. ]
    @Test(expected = SecurityProviderException.class)
    public void getSslContextThrowsIfX509KeyManagerNotFound() throws SecurityProviderException, KeyManagementException, KeyStoreException {
        // arrange
        Collection<X509Certificate> certificates = new LinkedList<>();
        certificates.add(mockedX509Certificate);
        SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, certificates);

        new NonStrictExpectations() {
            {
                mockedKeyManagerFactory.getKeyManagers();
                // a plain KeyManager, not necessarily an X509KeyManager
                result = mockedKeyManager;
            }
        };

        // act
        securityClientX509Test.getSSLContext();
    }
The class RegisterTask, method authenticateWithDPS:

    private RegistrationOperationStatusParser authenticateWithDPS() throws ProvisioningDeviceClientException, SecurityProviderException {
        if (securityProvider.getRegistrationId() == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("registration id cannot be null"));
        }

        try {
            SSLContext sslContext = securityProvider.getSSLContext();
            if (sslContext == null) {
                throw new ProvisioningDeviceSecurityException("Null SSL Context received from security client");
            }
            authorization.setSslContext(sslContext);

            if (this.securityProvider instanceof SecurityProviderX509) {
                RequestData requestData = new RequestData(securityProvider.getRegistrationId(), sslContext, true, this.provisioningDeviceClientConfig.getPayload());
                log.info("Authenticating with device provisioning service using x509 certificates");
                return this.authenticateWithX509(requestData);
            } else if (this.securityProvider instanceof SecurityProviderTpm) {
                SecurityProviderTpm securityProviderTpm = (SecurityProviderTpm) securityProvider;
                if (securityProviderTpm.getEndorsementKey() == null || securityProviderTpm.getStorageRootKey() == null) {
                    throw new ProvisioningDeviceSecurityException(new IllegalArgumentException("Ek or SRK cannot be null"));
                }
                // SRS_RegisterTask_25_009: [ If the provided security client is for Key then, this method shall save the SSL context to Authorization if it is not null and throw ProvisioningDeviceClientException otherwise. ]
                RequestData requestData = new RequestData(securityProviderTpm.getEndorsementKey(), securityProviderTpm.getStorageRootKey(), securityProvider.getRegistrationId(), sslContext, null, this.provisioningDeviceClientConfig.getPayload());
                log.info("Authenticating with device provisioning service using tpm");
                return this.authenticateWithTPM(requestData);
            } else if (this.securityProvider instanceof SecurityProviderSymmetricKey) {
                RequestData requestData = new RequestData(securityProvider.getRegistrationId(), sslContext, null, this.provisioningDeviceClientConfig.getPayload());
                log.info("Authenticating with device provisioning service using symmetric key");
                return this.authenticateWithSasToken(requestData);
            } else {
                throw new ProvisioningDeviceSecurityException("Unknown Security client received");
            }
        } catch (SecurityProviderException | IOException | InterruptedException e) {
            throw new ProvisioningDeviceSecurityException(e);
        }
    }
The class ProvisioningTask, method call:

    // this thread will continue to run until the DPS status is assigned and registered, or exit on error
    // DPS state machine
    /**
     * This method executes the state machine that the device goes through during registration.
     * @return Returns {@code null}
     * @throws Exception Thrown if any exception raised during execution is not handled.
     */
    @Override
    public Object call() throws Exception {
        // The thread doesn't have any opened connections associated to it yet.
        String threadName = this.provisioningDeviceClientContract.getHostName() + "-" + this.provisioningDeviceClientConfig.getUniqueIdentifier() + "-Cxn" + "PendingConnectionId" + "-" + THREAD_NAME;
        Thread.currentThread().setName(threadName);

        try {
            // SRS_ProvisioningTask_25_015: [ This method shall invoke open call on the contract.]
            log.info("Opening the connection to device provisioning service...");
            provisioningDeviceClientContract.open(new RequestData(securityProvider.getRegistrationId(), securityProvider.getSSLContext(), securityProvider instanceof SecurityProviderX509, provisioningDeviceClientConfig.getPayload()));

            // SRS_ProvisioningTask_25_007: [ This method shall invoke the register task and the status task to execute the state machine of the service as per the rules below.]
            /*
            Service State Machine Rules
            SRS_ProvisioningTask_25_008: [ This method shall invoke the register task and wait for it to complete.]
            SRS_ProvisioningTask_25_009: [ This method shall invoke the status callback with status PROVISIONING_DEVICE_STATUS_AUTHENTICATED if the register task completes successfully.]
            SRS_ProvisioningTask_25_010: [ This method shall invoke the status task to get the current state of the device registration and wait until a terminal state is reached.]
            SRS_ProvisioningTask_25_011: [ Upon reaching the terminal state ASSIGNED, this method shall invoke the registration callback with the IotHub Uri and DeviceId retrieved from the service. Also, if a status callback is defined, it shall be invoked with status PROVISIONING_DEVICE_STATUS_ASSIGNED.]
            SRS_ProvisioningTask_25_012: [ Upon reaching one of the terminal states FAILED or DISABLED, this method shall invoke the registration callback with the error message received from the service. Also, if a status callback is defined, it shall be invoked with status PROVISIONING_DEVICE_STATUS_ERROR.]
            SRS_ProvisioningTask_25_013: [ Upon reaching an intermediate state, i.e. UNASSIGNED or ASSIGNING, this method shall continue to query for status until a terminal state is reached. Also, if a status callback is defined, it shall be invoked with status PROVISIONING_DEVICE_STATUS_ASSIGNING.]

            State diagram:
            One of the following states can be reached from the register or status task - (A) Unassigned (B) Assigning (C) Assigned (D) Fail (E) Disable

            Return-State     A            B          C          D          E
            Register-State   B, C, D, E   C, D, E    terminal   terminal   terminal
            Status-State     B, C, D, E   C, D, E    terminal   terminal   terminal
            */
            String connectionId = this.provisioningDeviceClientConfig.getUniqueIdentifier();
            if (connectionId == null) {
                // For symmetric key authentication, the connection is not open until the registration is invoked.
                connectionId = "PendingConnectionId";
            }
            threadName = this.provisioningDeviceClientContract.getHostName() + "-" + this.provisioningDeviceClientConfig.getUniqueIdentifier() + "-Cxn" + connectionId + "-" + THREAD_NAME;
            Thread.currentThread().setName(threadName);

            log.info("Connection to device provisioning service opened successfully, sending initial device registration message");
            RegistrationOperationStatusParser registrationOperationStatusParser = this.invokeRegister();
            log.info("Waiting for device provisioning service to provision this device...");
            this.executeStateMachineForStatus(registrationOperationStatusParser);
            this.close();
        } catch (ExecutionException | TimeoutException | ProvisioningDeviceClientException | SecurityProviderException e) {
            // SRS_ProvisioningTask_25_006: [ This method shall invoke the status callback if any of the tasks fail or throw any exception. ]
            this.dpsStatus = PROVISIONING_DEVICE_STATUS_ERROR;
            invokeRegistrationCallback(new RegistrationResult(null, null, null, PROVISIONING_DEVICE_STATUS_ERROR), e);
            // SRS_ProvisioningTask_25_015: [ This method shall invoke close call on the contract and close the threads started.]
            this.close();
        }
        return null;
    }