Search in sources :

Example 1 with CommonCredential

use of org.eclipse.hono.service.management.credentials.CommonCredential in project hono by eclipse.

the class AbstractCredentialsManagementService method updateCredentials.

@Override
public final Future<OperationResult<Void>> updateCredentials(final String tenantId, final String deviceId, final List<CommonCredential> credentials, final Optional<String> resourceVersion, final Span span) {
    Objects.requireNonNull(tenantId);
    Objects.requireNonNull(deviceId);
    Objects.requireNonNull(credentials);
    Objects.requireNonNull(resourceVersion);
    Objects.requireNonNull(span);
    return this.tenantInformationService.getTenant(tenantId, span).compose(tenant -> tenant.checkCredentialsLimitExceeded(tenantId, credentials)).compose(ok -> verifyAndEncodePasswords(credentials)).compose(encodedCredentials -> processUpdateCredentials(DeviceKey.from(tenantId, deviceId), encodedCredentials, resourceVersion, span)).onSuccess(result -> NotificationEventBusSupport.sendNotification(vertx, new CredentialsChangeNotification(tenantId, deviceId, Instant.now()))).recover(t -> DeviceRegistryUtils.mapError(t, tenantId));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) CredentialsManagementService(org.eclipse.hono.service.management.credentials.CredentialsManagementService) ClientErrorException(org.eclipse.hono.client.ClientErrorException) ServiceInvocationException(org.eclipse.hono.client.ServiceInvocationException) HonoPasswordEncoder(org.eclipse.hono.auth.HonoPasswordEncoder) TenantInformationService(org.eclipse.hono.deviceregistry.service.tenant.TenantInformationService) CredentialsChangeNotification(org.eclipse.hono.notification.deviceregistry.CredentialsChangeNotification) Strings(org.eclipse.hono.util.Strings) NoopTenantInformationService(org.eclipse.hono.deviceregistry.service.tenant.NoopTenantInformationService) Futures(org.eclipse.hono.util.Futures) Vertx(io.vertx.core.Vertx) Set(java.util.Set) DeviceKey(org.eclipse.hono.deviceregistry.service.device.DeviceKey) Instant(java.time.Instant) Future(io.vertx.core.Future) Objects(java.util.Objects) List(java.util.List) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) Optional(java.util.Optional) OperationResult(org.eclipse.hono.service.management.OperationResult) Span(io.opentracing.Span) NotificationEventBusSupport(org.eclipse.hono.notification.NotificationEventBusSupport) DeviceRegistryUtils(org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils) Collections(java.util.Collections) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) CredentialsChangeNotification(org.eclipse.hono.notification.deviceregistry.CredentialsChangeNotification)

Example 2 with CommonCredential

use of org.eclipse.hono.service.management.credentials.CommonCredential in project hono by eclipse.

the class RegistryServiceTest method testGetDisabledCredentials.

@Test
void testGetDisabledCredentials(final VertxTestContext context) {
    Future.succeededFuture().flatMap(x -> {
        final var device = new Device();
        return this.registrationManagement.createDevice(DEFAULT_TENANT, Optional.of("d1"), device, SPAN).onComplete(context.succeeding(result -> {
            context.verify(() -> {
                assertThat(result.getStatus()).isEqualTo(HttpURLConnection.HTTP_CREATED);
            });
        }));
    }).flatMap(x -> {
        final var credentials = new LinkedList<CommonCredential>();
        final var psk = new PskCredential("a1", List.of(new PskSecret().setKey(new byte[] { 1, 2, 3, 4 })));
        psk.setEnabled(false);
        credentials.add(psk);
        return this.credentialsManagement.updateCredentials(DEFAULT_TENANT, "d1", credentials, Optional.empty(), SPAN).onFailure(context::failNow);
    }).flatMap(x -> {
        return this.credentialsAdapter.get(DEFAULT_TENANT, CredentialsConstants.SECRETS_TYPE_PRESHARED_KEY, "d1").onComplete(context.succeeding(result -> {
            context.verify(() -> {
                assertThat(result.getStatus()).isEqualTo(HttpURLConnection.HTTP_NOT_FOUND);
            });
        }));
    }).onComplete(context.succeedingThenComplete());
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) Device(org.eclipse.hono.service.management.device.Device) RegistrationConstants(org.eclipse.hono.util.RegistrationConstants) Truth.assertThat(com.google.common.truth.Truth.assertThat) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) CredentialsConstants(org.eclipse.hono.util.CredentialsConstants) Test(org.junit.jupiter.api.Test) List(java.util.List) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) PskCredential(org.eclipse.hono.service.management.credentials.PskCredential) Optional(java.util.Optional) Assertions(org.eclipse.hono.deviceregistry.util.Assertions) PskSecret(org.eclipse.hono.service.management.credentials.PskSecret) LinkedList(java.util.LinkedList) PskCredential(org.eclipse.hono.service.management.credentials.PskCredential) Device(org.eclipse.hono.service.management.device.Device) PskSecret(org.eclipse.hono.service.management.credentials.PskSecret) LinkedList(java.util.LinkedList) Test(org.junit.jupiter.api.Test)

Example 3 with CommonCredential

use of org.eclipse.hono.service.management.credentials.CommonCredential in project hono by eclipse.

the class CredentialsApiTests method testGetCredentialsFailsForNonMatchingClientContext.

/**
 * Verifies that a request for credentials using a client context that does not match
 * the credentials on record fails with a 404.
 *
 * @param ctx The vert.x test context.
 */
@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@Test
public void testGetCredentialsFailsForNonMatchingClientContext(final VertxTestContext ctx) {
    final String deviceId = getHelper().getRandomDeviceId(tenantId);
    final String authId = UUID.randomUUID().toString();
    final CommonCredential credentials = getRandomHashedPasswordCredential(authId).putExtension("client-id", UUID.randomUUID().toString());
    final JsonObject clientContext = new JsonObject().put("client-id", "non-matching");
    getHelper().registry.registerDevice(tenantId, deviceId).compose(httpResponse -> getHelper().registry.addCredentials(tenantId, deviceId, List.of(credentials))).compose(ok -> getClient().get(tenantId, CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, authId, clientContext, spanContext)).onComplete(ctx.failing(t -> {
        ctx.verify(() -> assertErrorCode(t, HttpURLConnection.HTTP_NOT_FOUND));
        ctx.completeNow();
    }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) X509Certificate(java.security.cert.X509Certificate) VertxTestContext(io.vertx.junit5.VertxTestContext) BeforeEach(org.junit.jupiter.api.BeforeEach) X500Principal(javax.security.auth.x500.X500Principal) DownstreamMessage(org.eclipse.hono.application.client.DownstreamMessage) CertificateFactory(java.security.cert.CertificateFactory) LoggerFactory(org.slf4j.LoggerFactory) Credentials(org.eclipse.hono.service.management.credentials.Credentials) SelfSignedCertificate(io.vertx.core.net.SelfSignedCertificate) OptionalInt(java.util.OptionalInt) Tenant(org.eclipse.hono.service.management.tenant.Tenant) Timeout(io.vertx.junit5.Timeout) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) CredentialsClient(org.eclipse.hono.client.registry.CredentialsClient) JsonObject(io.vertx.core.json.JsonObject) Tenants(org.eclipse.hono.tests.Tenants) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) Device(org.eclipse.hono.service.management.device.Device) Logger(org.slf4j.Logger) Truth.assertWithMessage(com.google.common.truth.Truth.assertWithMessage) Vertx(io.vertx.core.Vertx) FileInputStream(java.io.FileInputStream) CertificateException(java.security.cert.CertificateException) UUID(java.util.UUID) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) DeviceStatus(org.eclipse.hono.service.management.device.DeviceStatus) MessageHelper(org.eclipse.hono.util.MessageHelper) EventConstants(org.eclipse.hono.util.EventConstants) FileNotFoundException(java.io.FileNotFoundException) CredentialsConstants(org.eclipse.hono.util.CredentialsConstants) AuthenticationConstants(org.eclipse.hono.util.AuthenticationConstants) SpanContext(io.opentracing.SpanContext) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) List(java.util.List) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) Checkpoint(io.vertx.junit5.Checkpoint) NoopSpan(io.opentracing.noop.NoopSpan) Collections(java.util.Collections) CredentialsObject(org.eclipse.hono.util.CredentialsObject) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) CertificateEncodingException(java.security.cert.CertificateEncodingException) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) JsonObject(io.vertx.core.json.JsonObject) Test(org.junit.jupiter.api.Test) Timeout(io.vertx.junit5.Timeout)

Example 4 with CommonCredential

use of org.eclipse.hono.service.management.credentials.CommonCredential in project hono by eclipse.

the class CredentialsApiTests method testGetCredentialsSucceedsForNonExistingClientContext.

/**
 * Verifies that a request for credentials using a client context succeeds if the credentials on record
 * do not have any extension properties with keys matching the provided client context.
 *
 * @param ctx The vert.x test context.
 */
@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@Test
public void testGetCredentialsSucceedsForNonExistingClientContext(final VertxTestContext ctx) {
    final String deviceId = getHelper().getRandomDeviceId(tenantId);
    final String authId = UUID.randomUUID().toString();
    final CommonCredential credentials = getRandomHashedPasswordCredential(authId).putExtension("other", "property");
    final JsonObject clientContext = new JsonObject().put("client-id", "gateway-one");
    getHelper().registry.registerDevice(tenantId, deviceId).compose(httpResponse -> getHelper().registry.addCredentials(tenantId, deviceId, List.of(credentials))).compose(httpResponse -> getClient().get(tenantId, CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, authId, clientContext, spanContext)).onComplete(ctx.succeeding(credentialsObject -> {
        ctx.verify(() -> {
            assertThat(credentialsObject.getSecrets()).isNotEmpty();
        });
        ctx.completeNow();
    }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) X509Certificate(java.security.cert.X509Certificate) VertxTestContext(io.vertx.junit5.VertxTestContext) BeforeEach(org.junit.jupiter.api.BeforeEach) X500Principal(javax.security.auth.x500.X500Principal) DownstreamMessage(org.eclipse.hono.application.client.DownstreamMessage) CertificateFactory(java.security.cert.CertificateFactory) LoggerFactory(org.slf4j.LoggerFactory) Credentials(org.eclipse.hono.service.management.credentials.Credentials) SelfSignedCertificate(io.vertx.core.net.SelfSignedCertificate) OptionalInt(java.util.OptionalInt) Tenant(org.eclipse.hono.service.management.tenant.Tenant) Timeout(io.vertx.junit5.Timeout) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) CredentialsClient(org.eclipse.hono.client.registry.CredentialsClient) JsonObject(io.vertx.core.json.JsonObject) Tenants(org.eclipse.hono.tests.Tenants) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) Device(org.eclipse.hono.service.management.device.Device) Logger(org.slf4j.Logger) Truth.assertWithMessage(com.google.common.truth.Truth.assertWithMessage) Vertx(io.vertx.core.Vertx) FileInputStream(java.io.FileInputStream) CertificateException(java.security.cert.CertificateException) UUID(java.util.UUID) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) DeviceStatus(org.eclipse.hono.service.management.device.DeviceStatus) MessageHelper(org.eclipse.hono.util.MessageHelper) EventConstants(org.eclipse.hono.util.EventConstants) FileNotFoundException(java.io.FileNotFoundException) CredentialsConstants(org.eclipse.hono.util.CredentialsConstants) AuthenticationConstants(org.eclipse.hono.util.AuthenticationConstants) SpanContext(io.opentracing.SpanContext) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) List(java.util.List) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) Checkpoint(io.vertx.junit5.Checkpoint) NoopSpan(io.opentracing.noop.NoopSpan) Collections(java.util.Collections) CredentialsObject(org.eclipse.hono.util.CredentialsObject) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) CertificateEncodingException(java.security.cert.CertificateEncodingException) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) JsonObject(io.vertx.core.json.JsonObject) Test(org.junit.jupiter.api.Test) Timeout(io.vertx.junit5.Timeout)

Example 5 with CommonCredential

use of org.eclipse.hono.service.management.credentials.CommonCredential in project hono by eclipse.

the class CredentialsManagementIT method testAddCredentialsSucceeds.

/**
 * Verifies that a newly added device has an empty set of credentials and that the
 * service successfully adds arbitrary types of credentials.
 *
 * @param context The vert.x test context.
 */
@Test
public void testAddCredentialsSucceeds(final VertxTestContext context) {
    final PasswordCredential pwdCredential = IntegrationTestSupport.createPasswordCredential(authId, "thePassword");
    pwdCredential.getExtensions().put("client-id", "MQTT-client-2384236854");
    final PskCredential pskCredential = IntegrationTestSupport.createPskCredentials("psk-id", "psk-key");
    final var x509Credential = X509CertificateCredential.fromSubjectDn("emailAddress=foo@bar.com, CN=foo, O=bar", List.of(new X509CertificateSecret()));
    x509Credential.setComment("non-standard attribute type");
    final List<CommonCredential> credentials = List.of(pwdCredential, pskCredential, x509Credential);
    registry.getCredentials(tenantId, deviceId).compose(httpResponse -> {
        context.verify(() -> {
            assertResourceVersionHasChanged(resourceVersion, httpResponse.headers());
            assertThat(httpResponse.bodyAsJsonArray()).isEmpty();
        });
        return registry.addCredentials(tenantId, deviceId, credentials);
    }).compose(httpResponse -> {
        context.verify(() -> assertResourceVersionHasChanged(resourceVersion, httpResponse.headers()));
        return registry.getCredentials(tenantId, deviceId);
    }).onComplete(context.succeeding(httpResponse -> {
        context.verify(() -> {
            final CommonCredential[] credsOnRecord = httpResponse.bodyAsJson(CommonCredential[].class);
            assertThat(credsOnRecord).hasLength(3);
            Arrays.stream(credsOnRecord).forEach(creds -> {
                assertThat(creds.getExtensions().get("device-id")).isNull();
                if (creds instanceof PasswordCredential) {
                    assertThat(creds.getExtensions().get("client-id")).isEqualTo("MQTT-client-2384236854");
                } else if (creds instanceof X509CertificateCredential) {
                    assertThat(creds.getComment()).isEqualTo("non-standard attribute type");
                }
                creds.getSecrets().forEach(secret -> {
                    assertThat(secret.isEnabled()).isTrue();
                    assertThat(secret.getId()).isNotNull();
                });
            });
        });
        context.completeNow();
    }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) LoggerFactory(org.slf4j.LoggerFactory) MultiMap(io.vertx.core.MultiMap) Credentials(org.eclipse.hono.service.management.credentials.Credentials) GenericCredential(org.eclipse.hono.service.management.credentials.GenericCredential) PasswordSecret(org.eclipse.hono.service.management.credentials.PasswordSecret) X509CertificateCredential(org.eclipse.hono.service.management.credentials.X509CertificateCredential) OptionalInt(java.util.OptionalInt) AtomicReference(java.util.concurrent.atomic.AtomicReference) Timeout(io.vertx.junit5.Timeout) ArrayList(java.util.ArrayList) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) PskCredential(org.eclipse.hono.service.management.credentials.PskCredential) Map(java.util.Map) Assertions(org.assertj.core.api.Assertions) HttpUtils(org.eclipse.hono.service.http.HttpUtils) JsonObject(io.vertx.core.json.JsonObject) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) Logger(org.slf4j.Logger) RecursiveComparisonConfiguration(org.assertj.core.api.recursive.comparison.RecursiveComparisonConfiguration) X509CertificateSecret(org.eclipse.hono.service.management.credentials.X509CertificateSecret) HttpHeaders(io.vertx.core.http.HttpHeaders) UUID(java.util.UUID) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) VertxExtension(io.vertx.junit5.VertxExtension) Collectors(java.util.stream.Collectors) CredentialsConstants(org.eclipse.hono.util.CredentialsConstants) TestInfo(org.junit.jupiter.api.TestInfo) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) JsonArray(io.vertx.core.json.JsonArray) List(java.util.List) ChronoUnit(java.time.temporal.ChronoUnit) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) CrudHttpClient(org.eclipse.hono.tests.CrudHttpClient) DeviceRegistryHttpClient(org.eclipse.hono.tests.DeviceRegistryHttpClient) Optional(java.util.Optional) GenericSecret(org.eclipse.hono.service.management.credentials.GenericSecret) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) PskCredential(org.eclipse.hono.service.management.credentials.PskCredential) X509CertificateCredential(org.eclipse.hono.service.management.credentials.X509CertificateCredential) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) X509CertificateSecret(org.eclipse.hono.service.management.credentials.X509CertificateSecret) Test(org.junit.jupiter.api.Test)

Aggregations

CommonCredential (org.eclipse.hono.service.management.credentials.CommonCredential)13 List (java.util.List)12 HttpURLConnection (java.net.HttpURLConnection)10 Truth.assertThat (com.google.common.truth.Truth.assertThat)9 JsonObject (io.vertx.core.json.JsonObject)9 VertxTestContext (io.vertx.junit5.VertxTestContext)9 UUID (java.util.UUID)9 CredentialsConstants (org.eclipse.hono.util.CredentialsConstants)9 Test (org.junit.jupiter.api.Test)9 Logger (org.slf4j.Logger)9 LoggerFactory (org.slf4j.LoggerFactory)9 Optional (java.util.Optional)8 RegistryManagementConstants (org.eclipse.hono.util.RegistryManagementConstants)8 BeforeEach (org.junit.jupiter.api.BeforeEach)8 Timeout (io.vertx.junit5.Timeout)7 Vertx (io.vertx.core.Vertx)6 Instant (java.time.Instant)6 Collections (java.util.Collections)6 Map (java.util.Map)6 PasswordCredential (org.eclipse.hono.service.management.credentials.PasswordCredential)6