Use of org.eclipse.hono.deviceregistry.mongodb.utils.MongoDbDocumentBuilder in project hono by eclipse:
the class MongoDbBasedTenantDao, method validateTrustAnchors.
/**
 * Checks that none of the given tenant's trust anchors is already used by another tenant
 * that either belongs to a different trust anchor group or is not assigned to any group.
 * <p>
 * The check is implemented as a single MongoDB count query that matches documents whose
 * tenant identifier differs from the given tenant's, whose {@code tenant.trusted-ca} array
 * contains at least one entry with a {@code subject-dn} from the given tenant's trust anchors,
 * and whose {@code tenant.trust-anchor-group} is either absent or different from the given
 * tenant's group, e.g.:
 * <pre>
 * {
 *   "tenant-id" : { "$ne" : "DEFAULT_TENANT" },
 *   "tenant.trusted-ca" : {
 *     "$elemMatch" : { "subject-dn" : { "$in" : [ "CN=DEFAULT_TENANT_CA,OU=Hono,O=Eclipse IoT" ] } }
 *   },
 *   "$or" : [
 *     { "tenant.trust-anchor-group" : { "$exists" : false } },
 *     { "tenant.trust-anchor-group" : { "$ne" : "test-group" } }
 *   ]
 * }
 * </pre>
 * A tenant without any trusted CA is always considered valid and no query is issued.
 *
 * @param tenantDto The tenant to validate, must not be {@code null}.
 * @param span The active OpenTracing span to use for tracking this operation.
 *             <p>
 *             Implementations <em>must not</em> invoke the {@link Span#finish()} nor the
 *             {@link Span#finish(long)} methods. However, implementations may log (error)
 *             events on this span, set tags and use this span as the parent for additional
 *             spans created as part of this method's execution.
 * @return A future that succeeds if no conflicting tenant exists, or fails with a
 *         {@link ClientErrorException} carrying HTTP status 409 (conflict) otherwise.
 * @throws NullPointerException if tenantDto is {@code null}.
 */
private Future<Void> validateTrustAnchors(final TenantDto tenantDto, final Span span) {
    Objects.requireNonNull(tenantDto);

    final List<String> caSubjectDns = tenantDto.getData().getTrustedCertificateAuthoritySubjectDNsAsStrings();
    if (caSubjectDns.isEmpty()) {
        // no trust anchors configured, so there is nothing that could collide with another tenant
        return Future.succeededFuture();
    }

    // match other tenants that share at least one of this tenant's CA subject DNs ...
    final MongoDbDocumentBuilder query = MongoDbDocumentBuilder.builder()
            .withOtherTenantId(tenantDto.getTenantId())
            .withAnyCa(caSubjectDns);
    // ... and restrict the match to tenants outside this tenant's trust anchor group, if it has one
    final String trustAnchorGroup = tenantDto.getData().getTrustAnchorGroup();
    if (trustAnchorGroup != null) {
        query.withTrustAnchorGroup(trustAnchorGroup);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("validate trust anchors query:{}{}", System.lineSeparator(), query.document().encodePrettily());
    }

    return mongoClient.count(collectionName, query.document())
            .map(conflictingTenants -> {
                if (conflictingTenants != 0) {
                    final String msg = "tenant cannot use same CA certificate as other tenant belonging to different trust anchor group";
                    LOG.debug("tenant [{}] cannot use same CA certificate as other tenant belonging to different trust anchor group", tenantDto.getTenantId());
                    TracingHelper.logError(span, msg);
                    // throwing inside map() fails the returned future with this exception
                    throw new ClientErrorException(tenantDto.getTenantId(), HttpURLConnection.HTTP_CONFLICT, msg);
                }
                return (Void) null;
            });
}