use of org.eclipse.hono.service.management.credentials.X509CertificateSecret in project hono by eclipse.
the class CredentialsManagementIT method testAddCredentialsSucceeds.
/**
* Verifies that a newly added device has an empty set of credentials and that the
* service successfully adds arbitrary types of credentials.
*
* @param context The vert.x test context.
*/
@Test
public void testAddCredentialsSucceeds(final VertxTestContext context) {

    // Constructed fixture values: every literal in this method is test data only.
    final String mqttClientId = "MQTT-client-2384236854";
    final String x509Comment = "non-standard attribute type";

    // Three credentials of different types are registered for the same device.
    final PasswordCredential pwdCredential = IntegrationTestSupport.createPasswordCredential(authId, "thePassword");
    pwdCredential.getExtensions().put("client-id", mqttClientId);
    final PskCredential pskCredential = IntegrationTestSupport.createPskCredentials("psk-id", "psk-key");
    // The subject DN deliberately carries an emailAddress attribute, which the comment
    // set below labels as a non-standard attribute type.
    final var x509Credential = X509CertificateCredential.fromSubjectDn(
            "emailAddress=foo@bar.com, CN=foo, O=bar",
            List.of(new X509CertificateSecret()));
    x509Credential.setComment(x509Comment);
    final List<CommonCredential> credentials = List.of(pwdCredential, pskCredential, x509Credential);

    registry.getCredentials(tenantId, deviceId)
        .compose(initialResponse -> {
            // Step 1: the device has no credentials on record yet.
            context.verify(() -> {
                assertResourceVersionHasChanged(resourceVersion, initialResponse.headers());
                assertThat(initialResponse.bodyAsJsonArray()).isEmpty();
            });
            return registry.addCredentials(tenantId, deviceId, credentials);
        })
        .compose(addResponse -> {
            // Step 2: adding the credentials must produce a new resource version.
            context.verify(() -> assertResourceVersionHasChanged(resourceVersion, addResponse.headers()));
            return registry.getCredentials(tenantId, deviceId);
        })
        .onComplete(context.succeeding(readBackResponse -> {
            // Step 3: read the credentials back and inspect what the service returns.
            context.verify(() -> {
                final CommonCredential[] credsOnRecord = readBackResponse.bodyAsJson(CommonCredential[].class);
                assertThat(credsOnRecord).hasLength(3);
                // NOTE(review): only the number of returned credentials is checked here. The
                // per-type assertions below are conditional, so a response holding three
                // credentials of a single type would still pass.
                for (final CommonCredential creds : credsOnRecord) {
                    // No "device-id" entry may appear among the returned extension properties.
                    assertThat(creds.getExtensions().get("device-id")).isNull();
                    if (creds instanceof PasswordCredential) {
                        assertThat(creds.getExtensions().get("client-id")).isEqualTo(mqttClientId);
                    } else if (creds instanceof X509CertificateCredential) {
                        assertThat(creds.getComment()).isEqualTo(x509Comment);
                    }
                    // Every returned secret must be enabled and carry an identifier
                    // (presumably assigned by the registry; verify against the service).
                    for (final var secret : creds.getSecrets()) {
                        assertThat(secret.isEnabled()).isTrue();
                        assertThat(secret.getId()).isNotNull();
                    }
                }
            });
            context.completeNow();
        }));
}
use of org.eclipse.hono.service.management.credentials.X509CertificateSecret in project hono by eclipse.
the class CredentialsManagementIT method testGetAllCredentialsForDeviceSucceeds.
/**
* Verifies that the service returns all credentials registered for a given device regardless of
* authentication identifier and type.
* <p>
* The returned JsonArray must contain exactly the same credentials as originally added.
*
* @param context The vert.x test context.
*/
@Test
public void testGetAllCredentialsForDeviceSucceeds(final VertxTestContext context) {

    final int genericCredentialCount = 3;

    // Mix of credential types that all belong to the same device: the two prepared
    // fixtures, one X.509 credential and a few credentials of arbitrary generic types.
    final List<CommonCredential> credentialsListToAdd = new ArrayList<>();
    credentialsListToAdd.add(pskCredentials);
    credentialsListToAdd.add(hashedPasswordCredential);
    final var x509Credential = X509CertificateCredential.fromSubjectDn(
            "CN=Acme",
            List.of(new X509CertificateSecret()));
    credentialsListToAdd.add(x509Credential);

    int index = 0;
    while (index < genericCredentialCount) {
        // Each generic credential gets its own type name, a random auth-id and a
        // secret whose only property uses a distinct field name (constructed test value).
        final GenericSecret genericSecret = new GenericSecret();
        genericSecret.setAdditionalProperties(Map.of("field-" + index, "setec astronomy"));
        credentialsListToAdd.add(new GenericCredential(
                "type-" + index,
                getRandomAuthId(PREFIX_AUTH_ID),
                List.of(genericSecret)));
        index++;
    }

    // Register everything in one request, then read the device's credentials back.
    registry.addCredentials(tenantId, deviceId, credentialsListToAdd)
        .compose(added -> registry.getCredentials(tenantId, deviceId))
        .onComplete(context.succeeding(readBackResponse -> {
            // The response body is compared against the full list that was submitted.
            context.verify(() -> assertResponseBodyContainsAllCredentials(
                    readBackResponse.bodyAsJsonArray(),
                    credentialsListToAdd));
            context.completeNow();
        }));
}
use of org.eclipse.hono.service.management.credentials.X509CertificateSecret in project hono by eclipse.
the class MqttConnectionIT method testConnectX509FailsForUnknownSubjectDN.
/**
* Verifies that the adapter rejects connection attempts from devices using a client certificate with an unknown
* subject DN.
*
* @param ctx The test context
*/
@Test
public void testConnectX509FailsForUnknownSubjectDN(final VertxTestContext ctx) {

    // GIVEN a tenant whose trust anchor is built from the device certificate itself
    helper.getCertificate(deviceCert.certificatePath())
        .compose(trustedCert -> helper.registry.addTenant(
                tenantId,
                Tenants.createTenantForTrustAnchor(trustedCert)))
        .compose(tenantAdded -> helper.registry.registerDevice(tenantId, deviceId))
        .compose(deviceRegistered -> {
            // AND a device whose only X.509 credential is registered under "CN=4711".
            // NOTE(review): the test relies on deviceCert carrying a different subject DN,
            // which is not visible in this method; confirm against the certificate fixture.
            final String authId = new X500Principal("CN=4711").getName(X500Principal.RFC2253);
            final var credential = X509CertificateCredential.fromSubjectDn(
                    authId,
                    List.of(new X509CertificateSecret()));
            return helper.registry.addCredentials(tenantId, deviceId, Collections.singleton(credential));
        })
        // WHEN the device connects using the client certificate
        .compose(credentialsAdded -> connectToAdapter(deviceCert))
        .onComplete(ctx.failing(failure -> {
            // THEN the connection is refused: a certificate accepted as trust anchor is
            // not sufficient when no credential is registered for its subject DN
            ctx.verify(() -> {
                assertThat(failure).isInstanceOf(MqttConnectionException.class);
                final MqttConnectionException refusal = (MqttConnectionException) failure;
                // the expected CONNACK code is the one MQTT also uses for a bad username or password
                assertThat(refusal.code())
                    .isEqualTo(MqttConnectReturnCode.CONNECTION_REFUSED_BAD_USER_NAME_OR_PASSWORD);
            });
            ctx.completeNow();
        }));
}