use of org.eclipse.hono.service.management.tenant.Tenant in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForUnsupportedTlsSecurityParameters.
/**
* Verifies that the adapter rejects a connection attempt from a registered device if the device uses an unsupported
* set of TLS security parameters.
*
* @param tlsVersion The TLS protocol version to use for connecting to the adapter.
* @param cipherSuite The TLS cipher suite to use for connecting to the adapter.
* @param ctx The test context
*/
@ParameterizedTest(name = IntegrationTestSupport.PARAMETERIZED_TEST_NAME_PATTERN)
@CsvSource(value = { IntegrationTestSupport.TLS_VERSION_1_2 + ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", IntegrationTestSupport.TLS_VERSION_1_3 + ",TLS_AES_256_GCM_SHA384" })
public void testConnectFailsForUnsupportedTlsSecurityParameters(final String tlsVersion, final String cipherSuite, final VertxTestContext ctx) {
// GIVEN a client that is configured to use a combination of TLS version and cipher suite
// that is not supported by the AMQP adapter
final String tenantId = helper.getRandomTenantId();
final String deviceId = helper.getRandomDeviceId(tenantId);
final String password = "secret";
final Tenant tenant = new Tenant();
helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, password).compose(ok -> connectToAdapter(tlsVersion, cipherSuite, IntegrationTestSupport.getUsername(deviceId, tenantId), password)).onComplete(ctx.failing(t -> {
// THEN the TLS handshake fails
ctx.verify(() -> assertThat(t).isInstanceOf(SSLHandshakeException.class));
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.tenant.Tenant in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForInvalidUsernamePattern.
/**
* Verifies that the AMQP Adapter will fail to authenticate a device whose username does not match the expected pattern
* {@code [<authId>@<tenantId>]}.
*
* @param ctx The Vert.x test context.
*/
@Test
public void testConnectFailsForInvalidUsernamePattern(final VertxTestContext ctx) {
// GIVEN an adapter with a registered device
final String tenantId = helper.getRandomTenantId();
final String deviceId = helper.getRandomDeviceId(tenantId);
final String password = "secret";
final Tenant tenant = new Tenant();
helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, password).compose(ok -> connectToAdapter(deviceId, password)).onComplete(ctx.failing(t -> {
// THEN the SASL handshake fails
ctx.verify(() -> assertThat(t).isInstanceOf(SaslException.class));
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.tenant.Tenant in project hono by eclipse.
the class AmqpConnectionIT method testConnectX509SucceedsUsingSni.
/**
* Verifies that an attempt to open a connection using a valid X.509 client certificate succeeds
* for a device belonging to a tenant that uses the same trust anchor as another tenant.
*
* @param tlsVersion The TLS protocol version to use for connecting to the adapter.
* @param ctx The test context
*/
@ParameterizedTest(name = IntegrationTestSupport.PARAMETERIZED_TEST_NAME_PATTERN)
@ValueSource(strings = { IntegrationTestSupport.TLS_VERSION_1_2, IntegrationTestSupport.TLS_VERSION_1_3 })
public void testConnectX509SucceedsUsingSni(final String tlsVersion, final VertxTestContext ctx) {
assumeTrue(IntegrationTestSupport.isTrustAnchorGroupsSupported(), "device registry does not support trust anchor groups");
final String tenantId = helper.getRandomTenantId();
final String deviceId = helper.getRandomDeviceId(tenantId);
final SelfSignedCertificate deviceCert = SelfSignedCertificate.create(deviceId + ".iot.eclipse.org");
helper.getCertificate(deviceCert.certificatePath()).compose(cert -> helper.registry.addTenant(helper.getRandomTenantId(), Tenants.createTenantForTrustAnchor(cert).setTrustAnchorGroup("test-group")).map(cert)).compose(cert -> helper.registry.addDeviceForTenant(tenantId, Tenants.createTenantForTrustAnchor(cert).setTrustAnchorGroup("test-group"), deviceId, cert)).compose(ok -> connectToAdapter(tenantId + "." + IntegrationTestSupport.AMQP_HOST, deviceCert, tlsVersion)).onComplete(ctx.succeeding(con -> {
ctx.verify(() -> assertThat(con.isDisconnected()).isFalse());
ctx.completeNow();
}));
}
use of org.eclipse.hono.service.management.tenant.Tenant in project hono by eclipse.
the class AmqpConnectionIT method testDeviceConnectionIsClosedOnTenantDisabled.
/**
* Verifies that the adapter closes the connection to a device when the tenant of the device
* is disabled.
*
* @param ctx The vert.x test context.
*/
@Test
public void testDeviceConnectionIsClosedOnTenantDisabled(final VertxTestContext ctx) {
final String tenantId = helper.getRandomTenantId();
final String deviceId = helper.getRandomDeviceId(tenantId);
final Tenant updatedTenant = new Tenant().setEnabled(false);
testDeviceConnectionIsClosedOnDeviceOrTenantDisabledOrDeleted(ctx, tenantId, deviceId, () -> helper.registry.updateTenant(tenantId, updatedTenant, HttpURLConnection.HTTP_NO_CONTENT));
}
use of org.eclipse.hono.service.management.tenant.Tenant in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForNonExistingTenant.
/**
* Verifies that the adapter rejects connection attempts from devices
* using credentials that contain a non-existing tenant.
*
* @param ctx The test context
*/
@Test
public void testConnectFailsForNonExistingTenant(final VertxTestContext ctx) {
// GIVEN a registered device
final String tenantId = helper.getRandomTenantId();
final String deviceId = helper.getRandomDeviceId(tenantId);
final String password = "secret";
final Tenant tenant = new Tenant();
helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, password).compose(ok -> connectToAdapter(IntegrationTestSupport.getUsername(deviceId, "nonExistingTenant"), password)).onComplete(ctx.failing(t -> {
// THEN the connection is refused
ctx.verify(() -> assertThat(t).isInstanceOf(AuthenticationException.class));
ctx.completeNow();
}));
}
Aggregations