Examples with SecurityProviderX509 com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 used on opensource projects

Search in sources :

Example 1 with SecurityProviderX509

use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

the class SecurityProviderX509Test method getSslContextThrowsOnNullIntermediates.

@Test(expected = IllegalArgumentException.class)
public void getSslContextThrowsOnNullIntermediates() throws SecurityProviderException, KeyManagementException, KeyStoreException {
    // arrange
    SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, null);
    // act
    securityClientX509Test.getSSLContext();
}
Also used : SecurityProviderX509(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509) Test(org.junit.Test)

Example 2 with SecurityProviderX509

use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

the class SecurityProviderX509Test method getSslContextSucceeds.

// SRS_SecurityClientX509_25_002: [ This method shall generate the SSL context. ]
// SRS_SecurityClientX509_25_007: [ This method shall use random UUID as a password for keystore. ]
// SRS_SecurityClientX509_25_008: [ This method shall create a TLSv1.2 instance. ]
// SRS_SecurityClientX509_25_009: [ This method shall retrieve the keystore loaded with trusted certs. ]
// SRS_SecurityClientX509_25_010: [ This method shall load all the provided X509 certs (leaf with both public certificate and private key,
// intermediate certificates(if any) to the Key store. ]
// SRS_SecurityClientX509_25_011: [ This method shall initialize the ssl context with X509KeyManager and X509TrustManager for the keystore. ]
// SRS_SecurityClientX509_25_012: [ This method shall return the ssl context created as above to the caller. ]
// SRS_SecurityClient_25_001: [ This method shall retrieve the default instance of keystore using default algorithm type. ]
// SRS_SecurityClient_25_002: [ This method shall retrieve the default CertificateFactory instance. ]
// SRS_SecurityClient_25_003: [ This method shall load all the trusted certificates to the keystore. ]
@Test
public void getSslContextSucceeds() throws SecurityProviderException, KeyManagementException, KeyStoreException {
    // arrange
    Collection<X509Certificate> certificates = new LinkedList<>();
    certificates.add(mockedX509Certificate);
    SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, certificates);
    new NonStrictExpectations() {

        {
            mockedKeyManagerFactory.getKeyManagers();
            result = mockedX509KeyManager;
            mockedTrustManagerFactory.getTrustManagers();
            result = mockedX509TrustManager;
        }
    };
    // act
    securityClientX509Test.getSSLContext();
    // assert
    new Verifications() {

        {
            mockedKeyStore.setKeyEntry(anyString, mockedKey, (char[]) any, (X509Certificate[]) any);
            times = 1;
            mockedSslContext.init((KeyManager[]) any, (TrustManager[]) any, (SecureRandom) any);
            times = 1;
        }
    };
}
Also used : SecurityProviderX509(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509) X509Certificate(java.security.cert.X509Certificate) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 3 with SecurityProviderX509

use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

the class SecurityProviderX509Test method getSslContextThrowsIfX509KeyManagerNotFound.

// SRS_SecurityClientX509_25_005: [ This method shall throw SecurityProviderException if X509 Key Manager is not found. ]
@Test(expected = SecurityProviderException.class)
public void getSslContextThrowsIfX509KeyManagerNotFound() throws SecurityProviderException, KeyManagementException, KeyStoreException {
    // arrange
    Collection<X509Certificate> certificates = new LinkedList<>();
    certificates.add(mockedX509Certificate);
    SecurityProviderX509 securityClientX509Test = new SecurityProviderX509TestImpl(TEST_COMMON_NAME, mockedX509Certificate, mockedKey, certificates);
    new NonStrictExpectations() {

        {
            mockedKeyManagerFactory.getKeyManagers();
            // not necessarily X509
            result = mockedKeyManager;
        }
    };
    // act
    securityClientX509Test.getSSLContext();
}
Also used : SecurityProviderX509(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509) X509Certificate(java.security.cert.X509Certificate) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 4 with SecurityProviderX509

use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

the class RegisterTask method authenticateWithDPS.

private RegistrationOperationStatusParser authenticateWithDPS() throws ProvisioningDeviceClientException, SecurityProviderException {
    if (securityProvider.getRegistrationId() == null) {
        throw new ProvisioningDeviceClientException(new IllegalArgumentException("registration id cannot be null"));
    }
    try {
        SSLContext sslContext = securityProvider.getSSLContext();
        if (sslContext == null) {
            throw new ProvisioningDeviceSecurityException("Null SSL Context received from security client");
        }
        authorization.setSslContext(sslContext);
        if (this.securityProvider instanceof SecurityProviderX509) {
            RequestData requestData = new RequestData(securityProvider.getRegistrationId(), sslContext, true, this.provisioningDeviceClientConfig.getPayload());
            log.info("Authenticating with device provisioning service using x509 certificates");
            return this.authenticateWithX509(requestData);
        } else if (this.securityProvider instanceof SecurityProviderTpm) {
            SecurityProviderTpm securityProviderTpm = (SecurityProviderTpm) securityProvider;
            if (securityProviderTpm.getEndorsementKey() == null || securityProviderTpm.getStorageRootKey() == null) {
                throw new ProvisioningDeviceSecurityException(new IllegalArgumentException("Ek or SRK cannot be null"));
            }
            // SRS_RegisterTask_25_009: [ If the provided security client is for Key then, this method shall save the SSL context to Authorization if it is not null and throw ProvisioningDeviceClientException otherwise. ]
            RequestData requestData = new RequestData(securityProviderTpm.getEndorsementKey(), securityProviderTpm.getStorageRootKey(), securityProvider.getRegistrationId(), sslContext, null, this.provisioningDeviceClientConfig.getPayload());
            log.info("Authenticating with device provisioning service using tpm");
            return this.authenticateWithTPM(requestData);
        } else if (this.securityProvider instanceof SecurityProviderSymmetricKey) {
            RequestData requestData = new RequestData(securityProvider.getRegistrationId(), sslContext, null, this.provisioningDeviceClientConfig.getPayload());
            log.info("Authenticating with device provisioning service using symmetric key");
            return this.authenticateWithSasToken(requestData);
        } else {
            throw new ProvisioningDeviceSecurityException("Unknown Security client received");
        }
    } catch (SecurityProviderException | IOException | InterruptedException e) {
        throw new ProvisioningDeviceSecurityException(e);
    }
}
Also used : ProvisioningDeviceSecurityException(com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceSecurityException) SecurityProviderTpm(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderTpm) SecurityProviderX509(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509) SecurityProviderSymmetricKey(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderSymmetricKey) SecurityProviderException(com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) ProvisioningDeviceClientException(com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientException)

Example 5 with SecurityProviderX509

use of com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509 in project azure-iot-sdk-java by Azure.

the class ProvisioningTask method call.

// this thread will continue to run until DPS status is assigned and registered or exit on error
// DPS State machine
/**
 * This method executes the State machine with the device goes through during registration.
 * @return Returns {@code null}
 * @throws Exception This exception is thrown if any of the exception during execution is not handled.
 */
@Override
public Object call() throws Exception {
    // The thread doesn't have any opened connections associated to it yet.
    String threadName = this.provisioningDeviceClientContract.getHostName() + "-" + this.provisioningDeviceClientConfig.getUniqueIdentifier() + "-Cxn" + "PendingConnectionId" + "-" + THREAD_NAME;
    Thread.currentThread().setName(threadName);
    try {
        // SRS_ProvisioningTask_25_015: [ This method shall invoke open call on the contract.]
        log.info("Opening the connection to device provisioning service...");
        provisioningDeviceClientContract.open(new RequestData(securityProvider.getRegistrationId(), securityProvider.getSSLContext(), securityProvider instanceof SecurityProviderX509, provisioningDeviceClientConfig.getPayload()));
        // SRS_ProvisioningTask_25_007: [ This method shall invoke Register task and status task to execute the state machine of the service as per below rules.]
        /*
            Service State Machine Rules

            SRS_ProvisioningTask_25_008: [ This method shall invoke register task and wait for it to complete.]
            SRS_ProvisioningTask_25_009: [ This method shall invoke status callback with status PROVISIONING_DEVICE_STATUS_AUTHENTICATED if register task completes successfully.]
            SRS_ProvisioningTask_25_010: [ This method shall invoke status task to get the current state of the device registration and wait until a terminal state is reached.]
            SRS_ProvisioningTask_25_011: [ Upon reaching one of the terminal state i.e ASSIGNED, this method shall invoke registration callback with the information retrieved from service for IotHub Uri and DeviceId. Also if status callback is defined then it shall be invoked with status PROVISIONING_DEVICE_STATUS_ASSIGNED.]
            SRS_ProvisioningTask_25_012: [ Upon reaching one of the terminal states i.e FAILED or DISABLED, this method shall invoke registration callback with error message received from service. Also if status callback is defined then it shall be invoked with status PROVISIONING_DEVICE_STATUS_ERROR.]
            SRS_ProvisioningTask_25_013: [ Upon reaching intermediate state i.e UNASSIGNED or ASSIGNING, this method shall continue to query for status until a terminal state is reached. Also if status callback is defined then it shall be invoked with status PROVISIONING_DEVICE_STATUS_ASSIGNING.]
            State diagram :

            One of the following states can be reached from register or status task - (A) Unassigned (B) Assigning (C) Assigned (D) Fail (E) Disable

                Return-State	A	            B	        C	        D	        E
                Register-State	B, C, D, E	    C, D, E	    terminal	terminal	terminal
                Status-State	B, C, D, E	    C, D, E	    terminal	terminal	terminal
             */
        String connectionId = this.provisioningDeviceClientConfig.getUniqueIdentifier();
        if (connectionId == null) {
            // For Symetric Key authentication, connection is not open until the registration is invoked.
            connectionId = "PendingConnectionId";
        }
        threadName = this.provisioningDeviceClientContract.getHostName() + "-" + this.provisioningDeviceClientConfig.getUniqueIdentifier() + "-Cxn" + connectionId + "-" + THREAD_NAME;
        Thread.currentThread().setName(threadName);
        log.info("Connection to device provisioning service opened successfully, sending initial device registration message");
        RegistrationOperationStatusParser registrationOperationStatusParser = this.invokeRegister();
        log.info("Waiting for device provisioning service to provision this device...");
        this.executeStateMachineForStatus(registrationOperationStatusParser);
        this.close();
    } catch (ExecutionException | TimeoutException | ProvisioningDeviceClientException | SecurityProviderException e) {
        // SRS_ProvisioningTask_25_006: [ This method shall invoke the status callback, if any of the task fail or throw any exception. ]
        this.dpsStatus = PROVISIONING_DEVICE_STATUS_ERROR;
        invokeRegistrationCallback(new RegistrationResult(null, null, null, PROVISIONING_DEVICE_STATUS_ERROR), e);
        // SRS_ProvisioningTask_25_015: [ This method shall invoke close call on the contract and close the threads started.]
        this.close();
    }
    return null;
}
Also used : RegistrationOperationStatusParser(com.microsoft.azure.sdk.iot.provisioning.device.internal.parser.RegistrationOperationStatusParser) SecurityProviderX509(com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509) SecurityProviderException(com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException) ProvisioningDeviceClientException(com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientException)

Aggregations

SecurityProviderX509 (com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509)10 Test (org.junit.Test)8 X509Certificate (java.security.cert.X509Certificate)7 LinkedList (java.util.LinkedList)7 ProvisioningDeviceClientException (com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientException)2 SecurityProviderException (com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException)2 ProvisioningDeviceSecurityException (com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceSecurityException)1 RegistrationOperationStatusParser (com.microsoft.azure.sdk.iot.provisioning.device.internal.parser.RegistrationOperationStatusParser)1 SecurityProviderSymmetricKey (com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderSymmetricKey)1 SecurityProviderTpm (com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderTpm)1 IOException (java.io.IOException)1 SSLContext (javax.net.ssl.SSLContext)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial