use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testAddTenantFailsForConfigurationWithNonUniqueTrustAnchorIds.
/**
* Verifies that the service returns a 400 status code for an add tenant request containing a malformed trust
* configuration (i.e with non-unique trust anchor IDs).
*
* @param context The Vert.x test context.
*/
@Test
public void testAddTenantFailsForConfigurationWithNonUniqueTrustAnchorIds(final VertxTestContext context) {
final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
final TrustedCertificateAuthority trustAnchor1 = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
final TrustedCertificateAuthority trustAnchor2 = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now().plus(366, ChronoUnit.DAYS), Instant.now().plus(730, ChronoUnit.DAYS));
final Tenant tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor1, trustAnchor2));
final String tenantId = getHelper().getRandomTenantId();
getHelper().registry.addTenant(tenantId, tenant, HttpURLConnection.HTTP_BAD_REQUEST).onComplete(context.succeeding(response -> {
context.verify(() -> IntegrationTestSupport.assertErrorPayload(response));
context.completeNow();
}));
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testAddTenantSucceedsForCaSharedWithinTrustAnchorGroup.
/**
* Verifies that the service successfully creates a tenant containing a CA that is also used by
* an existing tenant that belongs to the same trust anchor group.
*
* @param context The Vert.x test context.
*/
@Test
public void testAddTenantSucceedsForCaSharedWithinTrustAnchorGroup(final VertxTestContext context) {
assumeTrue(IntegrationTestSupport.isTrustAnchorGroupsSupported(), "device registry does not support trust anchor groups");
final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
final TrustedCertificateAuthority trustAnchor = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
final Tenant tenant = new Tenant().setTrustAnchorGroup("test-group").setTrustedCertificateAuthorities(List.of(trustAnchor));
final String tenantId = getHelper().getRandomTenantId();
getHelper().registry.addTenant(tenantId, tenant).onFailure(context::failNow).compose(ok -> getHelper().registry.addTenant(getHelper().getRandomTenantId(), tenant)).onComplete(context.succeedingThenComplete());
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testUpdateTenantPreventsEmptyCaArray.
/**
* Verifies that setting an empty list of trusted CAs on multiple tenants does not result in a unique key
* violation.
*
* @param context The Vert.x test context.
*/
@Test
public void testUpdateTenantPreventsEmptyCaArray(final VertxTestContext context) {
final String tenantId = getHelper().getRandomTenantId();
final var tenantTwoId = getHelper().getRandomTenantId();
final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
final TrustedCertificateAuthority trustAnchor1 = Tenants.createTrustAnchor("test-ca", "CN=test-dn-1", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
final TrustedCertificateAuthority trustAnchor2 = Tenants.createTrustAnchor(null, "CN=test-dn-2", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
getHelper().registry.addTenant(tenantId, new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor1))).compose(ok -> getHelper().registry.addTenant(tenantTwoId, new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor2)))).compose(ok -> getHelper().registry.updateTenant(tenantId, new Tenant().setTrustedCertificateAuthorities(List.of()), HttpURLConnection.HTTP_NO_CONTENT)).compose(ok -> getHelper().registry.updateTenant(tenantTwoId, new Tenant().setTrustedCertificateAuthorities(List.of()), HttpURLConnection.HTTP_NO_CONTENT)).onComplete(context.succeedingThenComplete());
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testAddTenantFailsForConfigurationWithDuplicateTrustAnchor.
/**
* Verifies that the service returns a 409 status code for an add tenant request containing a
* CA that is already in use by another tenant that does not belong to the same trust anchor group.
*
* @param context The Vert.x test context.
*/
@Test
public void testAddTenantFailsForConfigurationWithDuplicateTrustAnchor(final VertxTestContext context) {
final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
final TrustedCertificateAuthority trustAnchor = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
final Tenant tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor));
final String tenantId = getHelper().getRandomTenantId();
getHelper().registry.addTenant(tenantId, tenant).onFailure(context::failNow).compose(ok -> getHelper().registry.addTenant(getHelper().getRandomTenantId(), tenant, HttpURLConnection.HTTP_CONFLICT)).onComplete(context.succeeding(response -> {
context.verify(() -> IntegrationTestSupport.assertErrorPayload(response));
context.completeNow();
}));
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class DeviceAndGatewayAutoProvisionerTest method configureTenant.
private void configureTenant(final boolean isGateway, final String deviceIdTemplate) {
final TrustedCertificateAuthority trustedCA = tenant.getTrustedCertificateAuthorities().get(0);
// GIVEN a tenant CA with auto-provisioning enabled
trustedCA.setAutoProvisioningEnabled(true);
if (isGateway) {
// The property auto-provision-as-gateway is set to true
trustedCA.setAutoProvisioningAsGatewayEnabled(true);
}
// Set the device id template if available
Optional.ofNullable(deviceIdTemplate).ifPresent(trustedCA::setAutoProvisioningDeviceIdTemplate);
}
Aggregations