use of org.eclipse.hono.service.management.credentials.Credentials in project hono by eclipse.
the class CredentialsApiTests method testGetCredentialsFailsForNonMatchingClientContext.
/**
* Verifies that a request for credentials using a client context that does not match
* the credentials on record fails with a 404.
*
* @param ctx The vert.x test context.
*/
@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@Test
public void testGetCredentialsFailsForNonMatchingClientContext(final VertxTestContext ctx) {
final String deviceId = getHelper().getRandomDeviceId(tenantId);
final String authId = UUID.randomUUID().toString();
final CommonCredential credentials = getRandomHashedPasswordCredential(authId).putExtension("client-id", UUID.randomUUID().toString());
final JsonObject clientContext = new JsonObject().put("client-id", "non-matching");
getHelper().registry.registerDevice(tenantId, deviceId).compose(httpResponse -> getHelper().registry.addCredentials(tenantId, deviceId, List.of(credentials))).compose(ok -> getClient().get(tenantId, CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, authId, clientContext, spanContext)).onComplete(ctx.failing(t -> {
ctx.verify(() -> assertErrorCode(t, HttpURLConnection.HTTP_NOT_FOUND));
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.credentials.Credentials in project hono by eclipse.
the class CredentialsApiTests method testAutoProvisioningSucceeds.
private void testAutoProvisioningSucceeds(final VertxTestContext ctx, final Tenant tenant, final X509Certificate cert, final boolean isGateway, final String expectedDeviceId) throws CertificateEncodingException {
final Checkpoint autoProvisioningEventReceived = ctx.checkpoint(1);
final Checkpoint autoProvisioningCompleted = ctx.checkpoint(1);
// GIVEN a client context that contains a client certificate
final JsonObject clientCtx = new JsonObject().put(CredentialsConstants.FIELD_CLIENT_CERT, cert.getEncoded());
final String authId = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
tenantId = getHelper().getRandomTenantId();
getHelper().applicationClient.createEventConsumer(tenantId, msg -> ctx.verify(() -> {
// VERIFY that the auto-provisioning event for the device has been received
verifyAutoProvisioningEventNotification(tenantId, expectedDeviceId, msg);
autoProvisioningEventReceived.flag();
}), close -> {
}).compose(ok -> getHelper().registry.addTenant(tenantId, tenant)).compose(ok -> getClient().get(tenantId, CredentialsConstants.SECRETS_TYPE_X509_CERT, authId, clientCtx, spanContext)).compose(result -> {
if (LOG.isDebugEnabled()) {
LOG.debug("received get Credentials result from Credentials service:{}{}", System.lineSeparator(), JsonObject.mapFrom(result).encodePrettily());
}
// VERIFY the newly created credentials
ctx.verify(() -> {
assertThat(result).isNotNull();
assertThat(result.isEnabled()).isTrue();
assertThat(result.getDeviceId()).isNotNull();
assertThat(result.getAuthId()).isEqualTo(authId);
assertThat(result.getType()).isEqualTo(CredentialsConstants.SECRETS_TYPE_X509_CERT);
assertThat(result.getSecrets()).isNotNull();
assertThat(result.getSecrets()).hasSize(1);
if (expectedDeviceId != null) {
// VERIFY the generated device-id
assertThat(result.getDeviceId()).isEqualTo(expectedDeviceId);
}
});
// WHEN getting device registration information
return getHelper().registry.getRegistrationInfo(tenantId, result.getDeviceId());
}).onComplete(ctx.succeeding(result -> {
ctx.verify(() -> {
final JsonObject resultBody = result.bodyAsJsonObject();
if (LOG.isDebugEnabled()) {
LOG.debug("received get Device result from Registry Management API:{}{}", System.lineSeparator(), resultBody.encodePrettily());
}
// VERIFY that the device/gateway has been registered as well
final Device device = resultBody.mapTo(Device.class);
assertThat(device.isEnabled()).isTrue();
if (isGateway) {
// VERIFY that the gateway related attributes are set
assertThat(device.getAuthorities()).contains(RegistryManagementConstants.AUTHORITY_AUTO_PROVISIONING_ENABLED);
}
// VERIFY that the property "auto-provisioning-notification-sent" is updated to true.
final DeviceStatus deviceStatus = resultBody.getJsonObject(RegistryManagementConstants.FIELD_STATUS).mapTo(DeviceStatus.class);
assertWithMessage("device auto-provisioned").that(deviceStatus.isAutoProvisioned()).isTrue();
assertWithMessage("auto-provisioning notification for device sent").that(deviceStatus.isAutoProvisioningNotificationSent()).isTrue();
});
autoProvisioningCompleted.flag();
}));
}
use of org.eclipse.hono.service.management.credentials.Credentials in project hono by eclipse.
the class CredentialsApiTests method testGetCredentialsSucceedsForNonExistingClientContext.
/**
* Verifies that a request for credentials using a client context succeeds if the credentials on record
* do not have any extension properties with keys matching the provided client context.
*
* @param ctx The vert.x test context.
*/
@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@Test
public void testGetCredentialsSucceedsForNonExistingClientContext(final VertxTestContext ctx) {
final String deviceId = getHelper().getRandomDeviceId(tenantId);
final String authId = UUID.randomUUID().toString();
final CommonCredential credentials = getRandomHashedPasswordCredential(authId).putExtension("other", "property");
final JsonObject clientContext = new JsonObject().put("client-id", "gateway-one");
getHelper().registry.registerDevice(tenantId, deviceId).compose(httpResponse -> getHelper().registry.addCredentials(tenantId, deviceId, List.of(credentials))).compose(httpResponse -> getClient().get(tenantId, CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, authId, clientContext, spanContext)).onComplete(ctx.succeeding(credentialsObject -> {
ctx.verify(() -> {
assertThat(credentialsObject.getSecrets()).isNotEmpty();
});
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.credentials.Credentials in project hono by eclipse.
the class MongoDbBasedCredentialServiceTest method testUpdateCredentialsFailsForExceededCredentialsPerDeviceLimit.
/**
* Verifies that a request to update credentials of a device fails with a 403 status code
* if the number of credentials exceeds the tenant's configured limit.
*
* @param ctx The vert.x test context.
*/
@Test
public void testUpdateCredentialsFailsForExceededCredentialsPerDeviceLimit(final VertxTestContext ctx) {
final var tenantId = UUID.randomUUID().toString();
final var deviceId = UUID.randomUUID().toString();
when(tenantInformationService.getTenant(anyString(), any())).thenReturn(Future.succeededFuture(new Tenant().setRegistrationLimits(new RegistrationLimits().setMaxCredentialsPerDevice(1))));
credentialsManagementService.updateCredentials(tenantId, deviceId, List.of(Credentials.createPasswordCredential("device1", "secret"), Credentials.createPasswordCredential("device2", "secret")), Optional.empty(), NoopSpan.INSTANCE).onComplete(ctx.failing(t -> {
ctx.verify(() -> {
Assertions.assertServiceInvocationException(t, HttpURLConnection.HTTP_FORBIDDEN);
});
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.credentials.Credentials in project hono by eclipse.
the class JdbcBasedCredentialsServiceTest method testUpdateCredentialsFailsForExceededCredentialsPerDeviceLimit.
/**
* Verifies that a request to update credentials of a device fails with a 403 status code
* if the number of credentials exceeds the tenant's configured limit.
*
* @param ctx The vert.x test context.
*/
@Test
public void testUpdateCredentialsFailsForExceededCredentialsPerDeviceLimit(final VertxTestContext ctx) {
final var tenantId = UUID.randomUUID().toString();
final var deviceId = UUID.randomUUID().toString();
when(tenantInformationService.getTenant(anyString(), any())).thenReturn(Future.succeededFuture(new Tenant().setRegistrationLimits(new RegistrationLimits().setMaxCredentialsPerDevice(1))));
getDeviceManagementService().createDevice(tenantId, Optional.of(deviceId), new Device(), NoopSpan.INSTANCE).onFailure(ctx::failNow).compose(ok -> getCredentialsManagementService().updateCredentials(tenantId, deviceId, List.of(Credentials.createPasswordCredential("device1", "secret"), Credentials.createPasswordCredential("device2", "secret")), Optional.empty(), NoopSpan.INSTANCE)).onComplete(ctx.failing(t -> {
ctx.verify(() -> {
Assertions.assertServiceInvocationException(t, HttpURLConnection.HTTP_FORBIDDEN);
});
ctx.completeNow();
}));
}
Aggregations