Examples with TrustedCertificateAuthority org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority used on opensource projects

Example 6 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class DeviceAndGatewayAutoProvisionerTest method init.

/**
 * Initializes common fixture.
 *
 * @throws GeneralSecurityException if the self signed certificate cannot be created.
 * @throws IOException if the self signed certificate cannot be read.
 */
@SuppressWarnings("unchecked")
@BeforeEach
public void init() throws GeneralSecurityException, IOException {
    tenantId = UUID.randomUUID().toString();
    deviceId = UUID.randomUUID().toString();
    commonName = UUID.randomUUID().toString();
    final SelfSignedCertificate ssc = SelfSignedCertificate.create(String.format("%s,OU=Hono,O=Eclipse", commonName));
    cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(ssc.certificatePath()));
    subjectDn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
    final TrustedCertificateAuthority trustedCertificateAuthority = new TrustedCertificateAuthority().setCertificate(cert.getEncoded());
    tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustedCertificateAuthority));
    deviceManagementService = mock(DeviceManagementService.class);
    credentialsManagementService = mock(CredentialsManagementService.class);
    sender = mock(EventSender.class);
    when(sender.getMessagingType()).thenReturn(MessagingType.amqp);
    when(sender.sendEvent(any(TenantObject.class), any(RegistrationAssertion.class), anyString(), any(), any(Map.class), any())).thenReturn(Future.succeededFuture());
    deviceAndGatewayAutoProvisioner = new DeviceAndGatewayAutoProvisioner(mock(Vertx.class), deviceManagementService, credentialsManagementService, new MessagingClientProvider<EventSender>().setClient(sender));
}

Example 7 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class DeviceRegistryUtilsTest method testTenantConversion.

/**
 * Verifies the conversion of a {@link Tenant} instance to a {@link org.eclipse.hono.util.TenantObject}.
 */
@Test
public void testTenantConversion() {
    final TenantTracingConfig tracingConfig = new TenantTracingConfig();
    tracingConfig.setSamplingMode(TracingSamplingMode.ALL);
    tracingConfig.setSamplingModePerAuthId(Map.of("authId1", TracingSamplingMode.ALL, "authId2", TracingSamplingMode.DEFAULT));
    final TrustedCertificateAuthority ca1 = new TrustedCertificateAuthority().setSubjectDn("CN=test.org").setKeyAlgorithm("EC").setPublicKey("NOT_A_PUBLIC_KEY".getBytes()).setNotBefore(Instant.now().minus(1, ChronoUnit.DAYS)).setNotAfter(Instant.now().plus(2, ChronoUnit.DAYS)).setAuthIdTemplate("auth-{{subject-cn}}").setAutoProvisioningAsGatewayEnabled(true).setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");
    final TrustedCertificateAuthority ca2 = new TrustedCertificateAuthority().setSubjectDn("CN=test.org").setKeyAlgorithm("RSA").setPublicKey("NOT_A_PUBLIC_KEY".getBytes()).setNotBefore(Instant.now().plus(1, ChronoUnit.DAYS)).setNotAfter(Instant.now().plus(20, ChronoUnit.DAYS)).setAuthIdTemplate("auth-{{subject-cn}}").setAutoProvisioningAsGatewayEnabled(true).setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");
    final Tenant source = new Tenant();
    source.setEnabled(true);
    source.setTracing(tracingConfig);
    source.setDefaults(Map.of("ttl", 30));
    source.setExtensions(Map.of("custom", "value"));
    source.setTrustedCertificateAuthorities(List.of(ca1, ca2));
    final JsonObject tracingConfigJsonObject = new JsonObject();
    tracingConfigJsonObject.put(TenantConstants.FIELD_TRACING_SAMPLING_MODE, "all");
    final JsonObject tracingSamplingModeJsonObject = new JsonObject().put("authId1", "all").put("authId2", "default");
    tracingConfigJsonObject.put(TenantConstants.FIELD_TRACING_SAMPLING_MODE_PER_AUTH_ID, tracingSamplingModeJsonObject);
    final JsonArray expectedAuthorities = new JsonArray().add(new JsonObject().put(TenantConstants.FIELD_PAYLOAD_SUBJECT_DN, "CN=test.org").put(TenantConstants.FIELD_PAYLOAD_PUBLIC_KEY, "NOT_A_PUBLIC_KEY".getBytes()).put(TenantConstants.FIELD_PAYLOAD_KEY_ALGORITHM, "EC").put(TenantConstants.FIELD_PAYLOAD_AUTH_ID_TEMPLATE, "auth-{{subject-cn}}").put(TenantConstants.FIELD_AUTO_PROVISIONING_ENABLED, false));
    final JsonObject target = DeviceRegistryUtils.convertTenant("4711", source, true);
    assertThat(target.getString(TenantConstants.FIELD_PAYLOAD_TENANT_ID)).isEqualTo("4711");
    assertThat(target.getBoolean(TenantConstants.FIELD_ENABLED)).isTrue();
    assertThat(target.getJsonObject(TenantConstants.FIELD_TRACING)).isEqualTo(tracingConfigJsonObject);
    assertThat(target.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).isEqualTo(expectedAuthorities);
    assertThat(target.getJsonArray(TenantConstants.FIELD_ADAPTERS)).isNull();
    final JsonObject defaults = target.getJsonObject(TenantConstants.FIELD_PAYLOAD_DEFAULTS);
    assertThat(defaults).isNotNull();
    assertThat(defaults.getInteger("ttl")).isEqualTo(30);
    final JsonObject extensions = target.getJsonObject(RegistryManagementConstants.FIELD_EXT);
    assertThat(extensions).isNotNull();
    assertThat(extensions.getString("custom")).isEqualTo("value");
    // Verify that the internal attributes to the device registry are not transferred to the TenantObject
    assertThat(expectedAuthorities.getJsonObject(0).containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISION_AS_GATEWAY)).isFalse();
    assertThat(expectedAuthorities.getJsonObject(0).containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISIONING_DEVICE_ID_TEMPLATE)).isFalse();
}

Example 8 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup.

/**
 * Verifies that the service successfully updates a tenant with a CA that is also used by
 * an existing tenant that belongs to the same trust anchor group.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup(final VertxTestContext context) {
    assumeTrue(IntegrationTestSupport.isTrustAnchorGroupsSupported(), "device registry does not support trust anchor groups");
    final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
    final TrustedCertificateAuthority trustAnchor = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant tenant = new Tenant().setTrustAnchorGroup("test-group").setTrustedCertificateAuthorities(List.of(trustAnchor));
    final String tenantId = getHelper().getRandomTenantId();
    getHelper().registry.addTenant(getHelper().getRandomTenantId(), tenant).onFailure(context::failNow).compose(ok -> getHelper().registry.addTenant(tenantId)).onFailure(context::failNow).compose(ok -> getHelper().registry.updateTenant(tenantId, tenant, HttpURLConnection.HTTP_NO_CONTENT)).onComplete(context.succeedingThenComplete());
}

Example 9 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds.

/**
 * Verifies that the service successfully creates a tenant from a request having a tenant anchor
 * with an ID and an another without an ID.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {
    final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
    final TrustedCertificateAuthority trustAnchor1 = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
    final TrustedCertificateAuthority trustAnchor2 = Tenants.createTrustAnchor(null, "CN=test-dn-1", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor1, trustAnchor2));
    final String tenantId = getHelper().getRandomTenantId();
    getHelper().registry.addTenant(tenantId, tenant).compose(ok -> getHelper().registry.getTenant(tenantId)).onComplete(context.succeeding(httpResponse -> {
        context.verify(() -> {
            final JsonObject response = httpResponse.bodyAsJsonObject();
            assertThat(response.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
            final JsonArray trustAnchors = response.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
            assertThat(trustAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID)).isEqualTo("test-ca");
            assertNotNull(trustAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
        });
        context.completeNow();
    }));
}

Example 10 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds.

/**
 * Verifies that the service successfully updates a tenant from a request having a tenant anchor
 * with an ID and an another without an ID.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {
    final PublicKey publicKey = TenantApiTests.getRandomPublicKey();
    final TrustedCertificateAuthority trustAnchor1 = Tenants.createTrustAnchor("test-ca", "CN=test-dn", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
    final TrustedCertificateAuthority trustAnchor2 = Tenants.createTrustAnchor(null, "CN=test-dn-1", publicKey.getEncoded(), publicKey.getAlgorithm(), Instant.now(), Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant tenantForUpdate = new Tenant().setTrustedCertificateAuthorities(List.of(trustAnchor1, trustAnchor2));
    final String tenantId = getHelper().getRandomTenantId();
    getHelper().registry.addTenant(tenantId, new Tenant()).compose(ok -> getHelper().registry.updateTenant(tenantId, tenantForUpdate, HttpURLConnection.HTTP_NO_CONTENT)).compose(ok -> getHelper().registry.getTenant(tenantId)).onComplete(context.succeeding(httpResponse -> {
        context.verify(() -> {
            final JsonObject response = httpResponse.bodyAsJsonObject();
            assertThat(response.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
            final JsonArray trustAnchors = response.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
            assertThat(trustAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID)).isEqualTo("test-ca");
            assertNotNull(trustAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
        });
        context.completeNow();
    }));
}