Example 1 with AdditionalInfo
use of org.eclipse.californium.elements.auth.AdditionalInfo in project hono by eclipse.
the class DeviceInfoSupplier method getInfo.
/**
* {@inheritDoc}
*/
@Override
public AdditionalInfo getInfo(final Principal clientIdentity, final Object customArgument) {
if (customArgument instanceof AdditionalInfo) {
final AdditionalInfo info = (AdditionalInfo) customArgument;
final String authId = info.get(EXT_INFO_KEY_HONO_AUTH_ID, String.class);
final Device device = info.get(EXT_INFO_KEY_HONO_DEVICE, Device.class);
LOG.debug("get additional info auth-id: {}, device: {}@{}", authId, device.getDeviceId(), device.getTenantId());
return info;
}
LOG.debug("get no additional info");
return AdditionalInfo.empty();
}
Also used :
AdditionalInfo(org.eclipse.californium.elements.auth.AdditionalInfo)
Device(org.eclipse.hono.auth.Device)
Example 2 with AdditionalInfo
use of org.eclipse.californium.elements.auth.AdditionalInfo in project hono by eclipse.
the class DeviceRegistryBasedPskStore method loadCredentialsForDevice.
/**
* Load credentials for an identity used by a device in a PSK based DTLS handshake.
*
* @param cid the connection id to report the result.
* @param identity the psk identity of the device.
*/
private void loadCredentialsForDevice(final ConnectionId cid, final PskPublicInformation identity) {
final String publicInfo = identity.getPublicInfoAsString();
LOG.debug("getting PSK secret for identity [{}]", publicInfo);
final Span span = tracer.buildSpan("look up pre-shared key").withTag(Tags.SPAN_KIND.getKey(), Tags.SPAN_KIND_CLIENT).withTag(Tags.COMPONENT.getKey(), adapter.getTypeName()).start();
final PreSharedKeyDeviceIdentity handshakeIdentity = getHandshakeIdentity(publicInfo, span);
if (handshakeIdentity == null) {
TracingHelper.logError(span, "could not determine auth-id from PSK identity");
span.finish();
return;
}
TracingHelper.TAG_TENANT_ID.set(span, handshakeIdentity.getTenantId());
TracingHelper.TAG_AUTH_ID.set(span, handshakeIdentity.getAuthId());
applyTraceSamplingPriority(handshakeIdentity, span).compose(v -> adapter.getCredentialsClient().get(handshakeIdentity.getTenantId(), handshakeIdentity.getType(), handshakeIdentity.getAuthId(), new JsonObject(), span.context())).map(credentials -> {
final String deviceId = credentials.getDeviceId();
TracingHelper.TAG_DEVICE_ID.set(span, deviceId);
final SecretKey key = getCandidateKey(credentials);
if (key == null) {
TracingHelper.logError(span, "PSK credentials for device do not contain proper key");
return new PskSecretResult(cid, identity, null, null);
} else {
span.log("successfully retrieved PSK for device");
// set AdditionalInfo as customArgument here
final AdditionalInfo info = DeviceInfoSupplier.createDeviceInfo(new Device(handshakeIdentity.getTenantId(), credentials.getDeviceId()), handshakeIdentity.getAuthId());
return new PskSecretResult(cid, identity, key, info);
}
}).otherwise(t -> {
TracingHelper.logError(span, "could not retrieve PSK credentials for device", t);
LOG.debug("error retrieving credentials for PSK identity [{}]", publicInfo, t);
return new PskSecretResult(cid, identity, null, null);
}).onSuccess(result -> {
span.finish();
californiumResultHandler.apply(result);
});
}
Also used :
Arrays(java.util.Arrays)
AdvancedPskStore(org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore)
LoggerFactory(org.slf4j.LoggerFactory)
PskSecretResult(org.eclipse.californium.scandium.dtls.PskSecretResult)
Tags(io.opentracing.tag.Tags)
SecretUtil(org.eclipse.californium.scandium.util.SecretUtil)
PskPublicInformation(org.eclipse.californium.scandium.dtls.PskPublicInformation)
DeviceCredentials(org.eclipse.hono.adapter.auth.device.DeviceCredentials)
ServerNames(org.eclipse.californium.scandium.util.ServerNames)
JsonObject(io.vertx.core.json.JsonObject)
TracingHelper(org.eclipse.hono.tracing.TracingHelper)
PskSecretResultHandler(org.eclipse.californium.scandium.dtls.PskSecretResultHandler)
Logger(org.slf4j.Logger)
Tracer(io.opentracing.Tracer)
AdditionalInfo(org.eclipse.californium.elements.auth.AdditionalInfo)
InetSocketAddress(java.net.InetSocketAddress)
Future(io.vertx.core.Future)
Device(org.eclipse.hono.auth.Device)
CredentialsConstants(org.eclipse.hono.util.CredentialsConstants)
Objects(java.util.Objects)
TenantTraceSamplingHelper(org.eclipse.hono.tracing.TenantTraceSamplingHelper)
ConnectionId(org.eclipse.californium.scandium.dtls.ConnectionId)
Span(io.opentracing.Span)
SecretKey(javax.crypto.SecretKey)
CredentialsObject(org.eclipse.hono.util.CredentialsObject)
AdditionalInfo(org.eclipse.californium.elements.auth.AdditionalInfo)
SecretKey(javax.crypto.SecretKey)
PskSecretResult(org.eclipse.californium.scandium.dtls.PskSecretResult)
Device(org.eclipse.hono.auth.Device)
JsonObject(io.vertx.core.json.JsonObject)
Span(io.opentracing.Span)
Example 3 with AdditionalInfo
use of org.eclipse.californium.elements.auth.AdditionalInfo in project hono by eclipse.
the class DeviceRegistryBasedCertificateVerifier method validateCertificateAndLoadDevice.
/**
* Validates a device's client certificate and completes the DTLS handshake result handler.
*
* @param cid the connection id to report the result.
* @param certPath certificate path.
* @param session session.
* @see #setResultHandler(HandshakeResultHandler)
*/
private void validateCertificateAndLoadDevice(final ConnectionId cid, final CertPath certPath, final DTLSSession session) {
LOG.debug("validating client's X.509 certificate");
final Span span = tracer.buildSpan("validate client certificate").withTag(Tags.SPAN_KIND.getKey(), Tags.SPAN_KIND_CLIENT).withTag(Tags.COMPONENT.getKey(), adapter.getTypeName()).start();
validateCertificateAndLoadDevice(session, certPath, span).map(info -> {
// set AdditionalInfo as customArgument here
return new CertificateVerificationResult(cid, certPath, info);
}).otherwise(t -> {
TracingHelper.logError(span, "could not validate X509 for device", t);
LOG.debug("error validating X509", t);
final AlertMessage alert = new AlertMessage(AlertLevel.FATAL, AlertDescription.BAD_CERTIFICATE, session.getPeer());
return new CertificateVerificationResult(cid, new HandshakeException("error validating X509", alert), null);
}).onSuccess(result -> {
span.finish();
californiumResultHandler.apply(result);
});
}
Also used :
HttpURLConnection(java.net.HttpURLConnection)
X509Certificate(java.security.cert.X509Certificate)
X500Principal(javax.security.auth.x500.X500Principal)
LoggerFactory(org.slf4j.LoggerFactory)
CertificateType(org.eclipse.californium.scandium.dtls.CertificateType)
ClientErrorException(org.eclipse.hono.client.ClientErrorException)
AlertDescription(org.eclipse.californium.scandium.dtls.AlertMessage.AlertDescription)
Tags(io.opentracing.tag.Tags)
CertificateMessage(org.eclipse.californium.scandium.dtls.CertificateMessage)
ServerName(org.eclipse.californium.scandium.util.ServerName)
DeviceCredentials(org.eclipse.hono.adapter.auth.device.DeviceCredentials)
HandshakeException(org.eclipse.californium.scandium.dtls.HandshakeException)
CertPathUtil(org.eclipse.californium.elements.util.CertPathUtil)
ServerNames(org.eclipse.californium.scandium.util.ServerNames)
StreamSupport(java.util.stream.StreamSupport)
NewAdvancedCertificateVerifier(org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier)
TracingHelper(org.eclipse.hono.tracing.TracingHelper)
X509Authentication(org.eclipse.hono.adapter.auth.device.X509Authentication)
Logger(org.slf4j.Logger)
NameType(org.eclipse.californium.scandium.util.ServerName.NameType)
Tracer(io.opentracing.Tracer)
TenantServiceBasedX509Authentication(org.eclipse.hono.adapter.auth.device.TenantServiceBasedX509Authentication)
AlertLevel(org.eclipse.californium.scandium.dtls.AlertMessage.AlertLevel)
AdditionalInfo(org.eclipse.californium.elements.auth.AdditionalInfo)
Promise(io.vertx.core.Promise)
HandshakeResultHandler(org.eclipse.californium.scandium.dtls.HandshakeResultHandler)
CertPath(java.security.cert.CertPath)
Collectors(java.util.stream.Collectors)
Future(io.vertx.core.Future)
Device(org.eclipse.hono.auth.Device)
Objects(java.util.Objects)
DTLSSession(org.eclipse.californium.scandium.dtls.DTLSSession)
List(java.util.List)
Certificate(java.security.cert.Certificate)
TenantTraceSamplingHelper(org.eclipse.hono.tracing.TenantTraceSamplingHelper)
DeviceCredentialsAuthProvider(org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider)
X509AuthProvider(org.eclipse.hono.adapter.auth.device.X509AuthProvider)
ConnectionId(org.eclipse.californium.scandium.dtls.ConnectionId)
CertificateVerificationResult(org.eclipse.californium.scandium.dtls.CertificateVerificationResult)
Optional(java.util.Optional)
AlertMessage(org.eclipse.californium.scandium.dtls.AlertMessage)
Span(io.opentracing.Span)
SubjectDnCredentials(org.eclipse.hono.adapter.auth.device.SubjectDnCredentials)
Span(io.opentracing.Span)
HandshakeException(org.eclipse.californium.scandium.dtls.HandshakeException)
AlertMessage(org.eclipse.californium.scandium.dtls.AlertMessage)
CertificateVerificationResult(org.eclipse.californium.scandium.dtls.CertificateVerificationResult)
Aggregations
AdditionalInfo (org.eclipse.californium.elements.auth.AdditionalInfo)3
Device (org.eclipse.hono.auth.Device)3
Span (io.opentracing.Span)2
Tracer (io.opentracing.Tracer)2
Tags (io.opentracing.tag.Tags)2
Future (io.vertx.core.Future)2
Objects (java.util.Objects)2
ConnectionId (org.eclipse.californium.scandium.dtls.ConnectionId)2
ServerNames (org.eclipse.californium.scandium.util.ServerNames)2
DeviceCredentials (org.eclipse.hono.adapter.auth.device.DeviceCredentials)2
TenantTraceSamplingHelper (org.eclipse.hono.tracing.TenantTraceSamplingHelper)2
TracingHelper (org.eclipse.hono.tracing.TracingHelper)2
Logger (org.slf4j.Logger)2
LoggerFactory (org.slf4j.LoggerFactory)2
Promise (io.vertx.core.Promise)1
JsonObject (io.vertx.core.json.JsonObject)1
HttpURLConnection (java.net.HttpURLConnection)1
InetSocketAddress (java.net.InetSocketAddress)1
CertPath (java.security.cert.CertPath)1
Certificate (java.security.cert.Certificate)1
