Search in sources :

Example 1 with PasswordSecret

use of org.eclipse.hono.service.management.credentials.PasswordSecret in project hono by eclipse.

the class CredentialsManagementIT method testAddCredentialsFailsForBCryptWithTooManyIterations.

/**
 * Verifies that the service returns a 400 status code for an add credentials request with hashed password
 * credentials that use a BCrypt hash with more than the configured max iterations.
 *
 * @param context The vert.x test context.
 */
@Test
public void testAddCredentialsFailsForBCryptWithTooManyIterations(final VertxTestContext context) {
    // GIVEN a hashed password using bcrypt with more than the configured max iterations
    final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(IntegrationTestSupport.MAX_BCRYPT_COST_FACTOR + 1);
    final PasswordSecret secret = new PasswordSecret();
    secret.setHashFunction(CredentialsConstants.HASH_FUNCTION_BCRYPT);
    secret.setPasswordHash(encoder.encode("thePassword"));
    final PasswordCredential credential = new PasswordCredential(authId, List.of(secret));
    // WHEN adding the credentials
    testAddCredentialsWithErroneousPayload(context, new JsonArray().add(JsonObject.mapFrom(credential)), // THEN the request fails with 400
    HttpURLConnection.HTTP_BAD_REQUEST);
}
Also used : JsonArray(io.vertx.core.json.JsonArray) PasswordSecret(org.eclipse.hono.service.management.credentials.PasswordSecret) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.junit.jupiter.api.Test)

Example 2 with PasswordSecret

use of org.eclipse.hono.service.management.credentials.PasswordSecret in project hono by eclipse.

the class CredentialsManagementIT method testUpdateCredentialsSucceeds.

/**
 * Verifies that the service accepts an update credentials request for existing credentials.
 *
 * @param ctx The vert.x test context.
 */
@Test
public void testUpdateCredentialsSucceeds(final VertxTestContext ctx) {
    final AtomicReference<PasswordSecret> originalSecret = new AtomicReference<>();
    // GIVEN a device with a set of hashed password credentials
    registry.addCredentials(tenantId, deviceId, List.of(hashedPasswordCredential)).compose(ok -> registry.getCredentials(tenantId, deviceId)).compose(httpResponse -> {
        ctx.verify(() -> assertResourceVersionHasChanged(resourceVersion, httpResponse.headers()));
        // WHEN updating the existing password
        final JsonArray bodyAsJsonArray = httpResponse.bodyAsJsonArray();
        LOG.debug("received original credentials list: {}", bodyAsJsonArray.encodePrettily());
        ctx.verify(() -> assertThat(bodyAsJsonArray).hasSize(1));
        final PasswordCredential existingCredentials = bodyAsJsonArray.getJsonObject(0).mapTo(PasswordCredential.class);
        ctx.verify(() -> {
            assertThat(existingCredentials.getSecrets()).hasSize(1);
            final PasswordSecret existingSecret = existingCredentials.getSecrets().get(0);
            assertThat(existingSecret.getId()).isNotNull();
            originalSecret.set(existingSecret);
        });
        final PasswordSecret changedSecret = new PasswordSecret();
        changedSecret.setId(originalSecret.get().getId());
        changedSecret.setPasswordPlain("completely-different-password");
        changedSecret.setComment("updated");
        // and adding a new one
        final PasswordSecret newSecret = new PasswordSecret();
        newSecret.setPasswordPlain("future-password");
        newSecret.setNotBefore(Instant.now().plus(1, ChronoUnit.DAYS));
        final PasswordCredential updatedCredentials = new PasswordCredential(existingCredentials.getAuthId(), List.of(changedSecret, newSecret));
        return registry.updateCredentialsWithVersion(tenantId, deviceId, List.of(updatedCredentials), resourceVersion.get(), HttpURLConnection.HTTP_NO_CONTENT);
    }).compose(httpResponse -> {
        ctx.verify(() -> assertResourceVersionHasChanged(resourceVersion, httpResponse.headers()));
        return registry.getCredentials(tenantId, deviceId);
    }).onComplete(ctx.succeeding(httpResponse -> {
        final JsonArray bodyAsJsonArray = httpResponse.bodyAsJsonArray();
        LOG.debug("received updated credentials list: {}", bodyAsJsonArray.encodePrettily());
        ctx.verify(() -> {
            assertThat(bodyAsJsonArray).hasSize(1);
            final PasswordCredential updatedCredentials = bodyAsJsonArray.getJsonObject(0).mapTo(PasswordCredential.class);
            assertThat(updatedCredentials.getSecrets()).hasSize(2);
            // THEN the original secret has been updated
            final PasswordSecret updatedSecret = updatedCredentials.getSecrets().stream().filter(s -> originalSecret.get().getId().equals(s.getId())).findAny().orElse(null);
            assertThat(updatedSecret).isNotNull();
            assertThat(updatedSecret.getComment()).isEqualTo("updated");
        });
        ctx.completeNow();
    }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) LoggerFactory(org.slf4j.LoggerFactory) MultiMap(io.vertx.core.MultiMap) Credentials(org.eclipse.hono.service.management.credentials.Credentials) GenericCredential(org.eclipse.hono.service.management.credentials.GenericCredential) PasswordSecret(org.eclipse.hono.service.management.credentials.PasswordSecret) X509CertificateCredential(org.eclipse.hono.service.management.credentials.X509CertificateCredential) OptionalInt(java.util.OptionalInt) AtomicReference(java.util.concurrent.atomic.AtomicReference) Timeout(io.vertx.junit5.Timeout) ArrayList(java.util.ArrayList) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) PskCredential(org.eclipse.hono.service.management.credentials.PskCredential) Map(java.util.Map) Assertions(org.assertj.core.api.Assertions) HttpUtils(org.eclipse.hono.service.http.HttpUtils) JsonObject(io.vertx.core.json.JsonObject) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) Logger(org.slf4j.Logger) RecursiveComparisonConfiguration(org.assertj.core.api.recursive.comparison.RecursiveComparisonConfiguration) X509CertificateSecret(org.eclipse.hono.service.management.credentials.X509CertificateSecret) HttpHeaders(io.vertx.core.http.HttpHeaders) UUID(java.util.UUID) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) VertxExtension(io.vertx.junit5.VertxExtension) Collectors(java.util.stream.Collectors) CredentialsConstants(org.eclipse.hono.util.CredentialsConstants) TestInfo(org.junit.jupiter.api.TestInfo) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) JsonArray(io.vertx.core.json.JsonArray) List(java.util.List) ChronoUnit(java.time.temporal.ChronoUnit) CommonCredential(org.eclipse.hono.service.management.credentials.CommonCredential) CrudHttpClient(org.eclipse.hono.tests.CrudHttpClient) DeviceRegistryHttpClient(org.eclipse.hono.tests.DeviceRegistryHttpClient) Optional(java.util.Optional) GenericSecret(org.eclipse.hono.service.management.credentials.GenericSecret) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) JsonArray(io.vertx.core.json.JsonArray) PasswordSecret(org.eclipse.hono.service.management.credentials.PasswordSecret) PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) AtomicReference(java.util.concurrent.atomic.AtomicReference) Test(org.junit.jupiter.api.Test)

Example 3 with PasswordSecret

use of org.eclipse.hono.service.management.credentials.PasswordSecret in project hono by eclipse.

the class DeviceRegistryUtils method checkCredential.

/**
 * Validates the given credentials for consistency.
 * <p>
 * The following checks are performed
 * <ol>
 * <li>The credential's <em>checkValidity</em> method is invoked and</li>
 * <li>if the given credentials object is of type {@link PasswordCredential}, for
 * each of the credential's hashed password secrets the secret's
 * {@link PasswordSecret#encode(HonoPasswordEncoder)}, {@link PasswordSecret#checkValidity()}
 * and {@link PasswordSecret#verifyHashAlgorithm(Set, int)} methods are invoked.</li>
 * </ol>
 *
 * @param credential The secret to validate.
 * @param passwordEncoder The password encoder.
 * @param hashAlgorithmsWhitelist The list of supported hashing algorithms for pre-hashed passwords.
 * @param maxBcryptCostFactor The maximum cost factor to use for bcrypt password hashes.
 * @throws IllegalStateException if any of the checks fail.
 * @throws NullPointerException if any of the parameters is {@code null}.
 */
public static void checkCredential(final CommonCredential credential, final HonoPasswordEncoder passwordEncoder, final Set<String> hashAlgorithmsWhitelist, final int maxBcryptCostFactor) {
    Objects.requireNonNull(credential);
    Objects.requireNonNull(passwordEncoder);
    Objects.requireNonNull(hashAlgorithmsWhitelist);
    credential.checkValidity();
    if (credential instanceof PasswordCredential) {
        for (final PasswordSecret passwordSecret : ((PasswordCredential) credential).getSecrets()) {
            passwordSecret.encode(passwordEncoder);
            passwordSecret.checkValidity();
            passwordSecret.verifyHashAlgorithm(hashAlgorithmsWhitelist, maxBcryptCostFactor);
        }
    }
}
Also used : PasswordCredential(org.eclipse.hono.service.management.credentials.PasswordCredential) PasswordSecret(org.eclipse.hono.service.management.credentials.PasswordSecret)

Aggregations

PasswordCredential (org.eclipse.hono.service.management.credentials.PasswordCredential)3 PasswordSecret (org.eclipse.hono.service.management.credentials.PasswordSecret)3 JsonArray (io.vertx.core.json.JsonArray)2 Test (org.junit.jupiter.api.Test)2 BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)2 Truth.assertThat (com.google.common.truth.Truth.assertThat)1 MultiMap (io.vertx.core.MultiMap)1 HttpHeaders (io.vertx.core.http.HttpHeaders)1 JsonObject (io.vertx.core.json.JsonObject)1 Timeout (io.vertx.junit5.Timeout)1 VertxExtension (io.vertx.junit5.VertxExtension)1 VertxTestContext (io.vertx.junit5.VertxTestContext)1 HttpURLConnection (java.net.HttpURLConnection)1 Instant (java.time.Instant)1 ChronoUnit (java.time.temporal.ChronoUnit)1 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 List (java.util.List)1 Map (java.util.Map)1 Optional (java.util.Optional)1