
Example 6 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class DeviceAndGatewayAutoProvisionerTest method init.

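/**
 * Initializes the fixture shared by all test cases.
 * <p>
 * Creates a fresh self-signed certificate for a random common name, configures it as the
 * only trusted certificate authority (trust anchor) of the test tenant and wires the
 * auto-provisioner under test with mocked management services and a mocked event sender.
 *
 * @throws GeneralSecurityException if the self signed certificate cannot be created.
 * @throws IOException if the self signed certificate cannot be read.
 */
@SuppressWarnings("unchecked")
@BeforeEach
public void init() throws GeneralSecurityException, IOException {
    // random identifiers keep the fixture of one test case independent of any other
    tenantId = UUID.randomUUID().toString();
    deviceId = UUID.randomUUID().toString();
    commonName = UUID.randomUUID().toString();

    final SelfSignedCertificate ssc = SelfSignedCertificate.create(String.format("%s,OU=Hono,O=Eclipse", commonName));
    // Only the certificate file is read here, the generated private key is not used.
    // The stream is closed explicitly so that the file handle is not leaked once per test case.
    // NOTE(review): this method does not remove the files written by SelfSignedCertificate;
    // confirm that the throw-away key material is cleaned up elsewhere.
    try (FileInputStream certStream = new FileInputStream(ssc.certificatePath())) {
        cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certStream);
    }
    subjectDn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);

    // the tenant trusts exactly one CA: the certificate created above
    final TrustedCertificateAuthority trustedCertificateAuthority = new TrustedCertificateAuthority().setCertificate(cert.getEncoded());
    tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustedCertificateAuthority));

    deviceManagementService = mock(DeviceManagementService.class);
    credentialsManagementService = mock(CredentialsManagementService.class);

    // the mocked sender reports AMQP as its messaging type and accepts every event
    sender = mock(EventSender.class);
    when(sender.getMessagingType()).thenReturn(MessagingType.amqp);
    // presumably the raw any(Map.class) matcher is what requires the "unchecked" suppression
    when(sender.sendEvent(any(TenantObject.class), any(RegistrationAssertion.class), anyString(), any(), any(Map.class), any())).thenReturn(Future.succeededFuture());

    deviceAndGatewayAutoProvisioner = new DeviceAndGatewayAutoProvisioner(mock(Vertx.class), deviceManagementService, credentialsManagementService, new MessagingClientProvider<EventSender>().setClient(sender));
}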
Also used : TenantObject(org.eclipse.hono.util.TenantObject) SelfSignedCertificate(io.vertx.core.net.SelfSignedCertificate) Tenant(org.eclipse.hono.service.management.tenant.Tenant) RegistrationAssertion(org.eclipse.hono.util.RegistrationAssertion) EventSender(org.eclipse.hono.client.telemetry.EventSender) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) CredentialsManagementService(org.eclipse.hono.service.management.credentials.CredentialsManagementService) Map(java.util.Map) FileInputStream(java.io.FileInputStream) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 7 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class DeviceRegistryUtilsTest method testTenantConversion.

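/**
 * Verifies the conversion of a {@link Tenant} instance to a {@link org.eclipse.hono.util.TenantObject}.
 * <p>
 * Besides the plain property mapping, the test checks that the trust anchors of the converted
 * tenant do not carry the registry-internal auto-provisioning attributes (gateway flag and
 * device ID template).
 */
@Test
public void testTenantConversion() {
    final TenantTracingConfig tracingConfig = new TenantTracingConfig();
    tracingConfig.setSamplingMode(TracingSamplingMode.ALL);
    tracingConfig.setSamplingModePerAuthId(Map.of("authId1", TracingSamplingMode.ALL, "authId2", TracingSamplingMode.DEFAULT));

    // ca1 has been valid since yesterday, ca2 only becomes valid tomorrow
    final TrustedCertificateAuthority ca1 = new TrustedCertificateAuthority().setSubjectDn("CN=test.org").setKeyAlgorithm("EC").setPublicKey("NOT_A_PUBLIC_KEY".getBytes()).setNotBefore(Instant.now().minus(1, ChronoUnit.DAYS)).setNotAfter(Instant.now().plus(2, ChronoUnit.DAYS)).setAuthIdTemplate("auth-{{subject-cn}}").setAutoProvisioningAsGatewayEnabled(true).setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");
    final TrustedCertificateAuthority ca2 = new TrustedCertificateAuthority().setSubjectDn("CN=test.org").setKeyAlgorithm("RSA").setPublicKey("NOT_A_PUBLIC_KEY".getBytes()).setNotBefore(Instant.now().plus(1, ChronoUnit.DAYS)).setNotAfter(Instant.now().plus(20, ChronoUnit.DAYS)).setAuthIdTemplate("auth-{{subject-cn}}").setAutoProvisioningAsGatewayEnabled(true).setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");

    final Tenant source = new Tenant();
    source.setEnabled(true);
    source.setTracing(tracingConfig);
    source.setDefaults(Map.of("ttl", 30));
    source.setExtensions(Map.of("custom", "value"));
    source.setTrustedCertificateAuthorities(List.of(ca1, ca2));

    final JsonObject tracingConfigJsonObject = new JsonObject();
    tracingConfigJsonObject.put(TenantConstants.FIELD_TRACING_SAMPLING_MODE, "all");
    final JsonObject tracingSamplingModeJsonObject = new JsonObject().put("authId1", "all").put("authId2", "default");
    tracingConfigJsonObject.put(TenantConstants.FIELD_TRACING_SAMPLING_MODE_PER_AUTH_ID, tracingSamplingModeJsonObject);

    // Only one trust anchor (the EC key of ca1) is expected in the result.
    // NOTE(review): presumably ca2 is dropped because it is not valid yet - confirm against convertTenant.
    final JsonArray expectedAuthorities = new JsonArray().add(new JsonObject().put(TenantConstants.FIELD_PAYLOAD_SUBJECT_DN, "CN=test.org").put(TenantConstants.FIELD_PAYLOAD_PUBLIC_KEY, "NOT_A_PUBLIC_KEY".getBytes()).put(TenantConstants.FIELD_PAYLOAD_KEY_ALGORITHM, "EC").put(TenantConstants.FIELD_PAYLOAD_AUTH_ID_TEMPLATE, "auth-{{subject-cn}}").put(TenantConstants.FIELD_AUTO_PROVISIONING_ENABLED, false));

    // NOTE(review): the meaning of the boolean argument is not visible in this listing
    final JsonObject target = DeviceRegistryUtils.convertTenant("4711", source, true);

    assertThat(target.getString(TenantConstants.FIELD_PAYLOAD_TENANT_ID)).isEqualTo("4711");
    assertThat(target.getBoolean(TenantConstants.FIELD_ENABLED)).isTrue();
    assertThat(target.getJsonObject(TenantConstants.FIELD_TRACING)).isEqualTo(tracingConfigJsonObject);
    final JsonArray actualAuthorities = target.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA);
    assertThat(actualAuthorities).isEqualTo(expectedAuthorities);
    assertThat(target.getJsonArray(TenantConstants.FIELD_ADAPTERS)).isNull();
    final JsonObject defaults = target.getJsonObject(TenantConstants.FIELD_PAYLOAD_DEFAULTS);
    assertThat(defaults).isNotNull();
    assertThat(defaults.getInteger("ttl")).isEqualTo(30);
    final JsonObject extensions = target.getJsonObject(RegistryManagementConstants.FIELD_EXT);
    assertThat(extensions).isNotNull();
    assertThat(extensions.getString("custom")).isEqualTo("value");

    // Verify that the internal attributes to the device registry are not transferred to the TenantObject.
    // The check inspects the converted result: asserting on the expected fixture built above
    // could never fail, whatever the conversion emits.
    assertThat(actualAuthorities.getJsonObject(0).containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISION_AS_GATEWAY)).isFalse();
    assertThat(actualAuthorities.getJsonObject(0).containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISIONING_DEVICE_ID_TEMPLATE)).isFalse();
}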
Also used : JsonArray(io.vertx.core.json.JsonArray) Tenant(org.eclipse.hono.service.management.tenant.Tenant) JsonObject(io.vertx.core.json.JsonObject) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) TenantTracingConfig(org.eclipse.hono.util.TenantTracingConfig) Test(org.junit.jupiter.api.Test)

Example 8 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup.

/**
 * Checks that updating a tenant succeeds when its trust anchor (CA) is already configured
 * for another tenant, provided that both tenants are members of the same trust anchor group.
 * <p>
 * The test is skipped if the device registry under test does not support trust anchor groups.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup(final VertxTestContext context) {
    assumeTrue(IntegrationTestSupport.isTrustAnchorGroupsSupported(), "device registry does not support trust anchor groups");

    final PublicKey caKey = TenantApiTests.getRandomPublicKey();
    final TrustedCertificateAuthority sharedAnchor = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    // one configuration, used for both tenants: same CA, same trust anchor group
    final Tenant groupMember = new Tenant()
            .setTrustAnchorGroup("test-group")
            .setTrustedCertificateAuthorities(List.of(sharedAnchor));
    final String idOfTenantToUpdate = getHelper().getRandomTenantId();

    getHelper().registry
            // a first tenant (random ID) is created with the shared CA
            .addTenant(getHelper().getRandomTenantId(), groupMember)
            .onFailure(context::failNow)
            // the second tenant is created without any configuration payload ...
            .compose(firstAdded -> getHelper().registry.addTenant(idOfTenantToUpdate))
            .onFailure(context::failNow)
            // ... and then updated to the same CA and group, which is expected to yield 204
            .compose(secondAdded -> getHelper().registry.updateTenant(idOfTenantToUpdate, groupMember, HttpURLConnection.HTTP_NO_CONTENT))
            .onComplete(context.succeedingThenComplete());
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Arrays(java.util.Arrays) TenantConstants(org.eclipse.hono.util.TenantConstants) LoggerFactory(org.slf4j.LoggerFactory) MultiMap(io.vertx.core.MultiMap) AtomicReference(java.util.concurrent.atomic.AtomicReference) Constants(org.eclipse.hono.util.Constants) Nested(org.junit.jupiter.api.Nested) Tenant(org.eclipse.hono.service.management.tenant.Tenant) Timeout(io.vertx.junit5.Timeout) CompositeFuture(io.vertx.core.CompositeFuture) Matcher(java.util.regex.Matcher) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SearchResult(org.eclipse.hono.service.management.SearchResult) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Map(java.util.Map) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) JsonObject(io.vertx.core.json.JsonObject) Tenants(org.eclipse.hono.tests.Tenants) TypeReference(com.fasterxml.jackson.core.type.TypeReference) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) EnabledIf(org.junit.jupiter.api.condition.EnabledIf) Device(org.eclipse.hono.service.management.device.Device) RegistrationLimits(org.eclipse.hono.service.management.tenant.RegistrationLimits) ResourceLimits(org.eclipse.hono.util.ResourceLimits) Logger(org.slf4j.Logger) JacksonCodec(io.vertx.core.json.jackson.JacksonCodec) TenantWithId(org.eclipse.hono.service.management.tenant.TenantWithId) HttpHeaders(io.vertx.core.http.HttpHeaders) PublicKey(java.security.PublicKey) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) VertxExtension(io.vertx.junit5.VertxExtension) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) 
JsonArray(io.vertx.core.json.JsonArray) List(java.util.List) Adapter(org.eclipse.hono.util.Adapter) ChronoUnit(java.time.temporal.ChronoUnit) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Optional(java.util.Optional) Pattern(java.util.regex.Pattern) Tenant(org.eclipse.hono.service.management.tenant.Tenant) PublicKey(java.security.PublicKey) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Test(org.junit.jupiter.api.Test)

Example 9 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds.

/**
 * Checks that a tenant can be created from a request that contains one trust anchor
 * with an explicit ID and another trust anchor without an ID.
 * <p>
 * The tenant is read back afterwards: the explicit ID must be retained and the second
 * trust anchor must carry a non-null ID.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {
    final PublicKey sharedKey = TenantApiTests.getRandomPublicKey();
    // both anchors use the same public key but different subject DNs; only the first has an ID
    final TrustedCertificateAuthority anchorWithId = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            sharedKey.getEncoded(),
            sharedKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final TrustedCertificateAuthority anchorWithoutId = Tenants.createTrustAnchor(
            null,
            "CN=test-dn-1",
            sharedKey.getEncoded(),
            sharedKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant newTenant = new Tenant()
            .setTrustedCertificateAuthorities(List.of(anchorWithId, anchorWithoutId));
    final String tenantId = getHelper().getRandomTenantId();

    getHelper().registry.addTenant(tenantId, newTenant)
            .compose(added -> getHelper().registry.getTenant(tenantId))
            .onComplete(context.succeeding(getResponse -> {
                context.verify(() -> {
                    final JsonObject body = getResponse.bodyAsJsonObject();
                    assertThat(body.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
                    final JsonArray storedAnchors = body.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
                    // the ID given in the request is kept as is ...
                    assertThat(storedAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID)).isEqualTo("test-ca");
                    // ... and the anchor submitted without an ID comes back with one
                    assertNotNull(storedAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
                });
                context.completeNow();
            }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Arrays(java.util.Arrays) TenantConstants(org.eclipse.hono.util.TenantConstants) LoggerFactory(org.slf4j.LoggerFactory) MultiMap(io.vertx.core.MultiMap) AtomicReference(java.util.concurrent.atomic.AtomicReference) Constants(org.eclipse.hono.util.Constants) Nested(org.junit.jupiter.api.Nested) Tenant(org.eclipse.hono.service.management.tenant.Tenant) Timeout(io.vertx.junit5.Timeout) CompositeFuture(io.vertx.core.CompositeFuture) Matcher(java.util.regex.Matcher) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SearchResult(org.eclipse.hono.service.management.SearchResult) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Map(java.util.Map) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) JsonObject(io.vertx.core.json.JsonObject) Tenants(org.eclipse.hono.tests.Tenants) TypeReference(com.fasterxml.jackson.core.type.TypeReference) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) EnabledIf(org.junit.jupiter.api.condition.EnabledIf) Device(org.eclipse.hono.service.management.device.Device) RegistrationLimits(org.eclipse.hono.service.management.tenant.RegistrationLimits) ResourceLimits(org.eclipse.hono.util.ResourceLimits) Logger(org.slf4j.Logger) JacksonCodec(io.vertx.core.json.jackson.JacksonCodec) TenantWithId(org.eclipse.hono.service.management.tenant.TenantWithId) HttpHeaders(io.vertx.core.http.HttpHeaders) PublicKey(java.security.PublicKey) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) VertxExtension(io.vertx.junit5.VertxExtension) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) 
JsonArray(io.vertx.core.json.JsonArray) List(java.util.List) Adapter(org.eclipse.hono.util.Adapter) ChronoUnit(java.time.temporal.ChronoUnit) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Optional(java.util.Optional) Pattern(java.util.regex.Pattern) JsonArray(io.vertx.core.json.JsonArray) Tenant(org.eclipse.hono.service.management.tenant.Tenant) PublicKey(java.security.PublicKey) JsonObject(io.vertx.core.json.JsonObject) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Test(org.junit.jupiter.api.Test)

Example 10 with TrustedCertificateAuthority

use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.

the class TenantManagementIT method testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds.

/**
 * Checks that a tenant can be updated with a request that contains one trust anchor
 * with an explicit ID and another trust anchor without an ID.
 * <p>
 * The tenant is first created empty, then updated and read back: the explicit ID must be
 * retained and the second trust anchor must carry a non-null ID.
 *
 * @param context The Vert.x test context.
 */
@Test
public void testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {
    final PublicKey sharedKey = TenantApiTests.getRandomPublicKey();
    // both anchors use the same public key but different subject DNs; only the first has an ID
    final TrustedCertificateAuthority anchorWithId = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            sharedKey.getEncoded(),
            sharedKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final TrustedCertificateAuthority anchorWithoutId = Tenants.createTrustAnchor(
            null,
            "CN=test-dn-1",
            sharedKey.getEncoded(),
            sharedKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant updatedConfig = new Tenant()
            .setTrustedCertificateAuthorities(List.of(anchorWithId, anchorWithoutId));
    final String tenantId = getHelper().getRandomTenantId();

    getHelper().registry.addTenant(tenantId, new Tenant())
            // the update is expected to be answered with 204 No Content
            .compose(added -> getHelper().registry.updateTenant(tenantId, updatedConfig, HttpURLConnection.HTTP_NO_CONTENT))
            .compose(updated -> getHelper().registry.getTenant(tenantId))
            .onComplete(context.succeeding(getResponse -> {
                context.verify(() -> {
                    final JsonObject body = getResponse.bodyAsJsonObject();
                    assertThat(body.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
                    final JsonArray storedAnchors = body.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
                    // the ID given in the request is kept as is ...
                    assertThat(storedAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID)).isEqualTo("test-ca");
                    // ... and the anchor submitted without an ID comes back with one
                    assertNotNull(storedAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
                });
                context.completeNow();
            }));
}
Also used : HttpURLConnection(java.net.HttpURLConnection) VertxTestContext(io.vertx.junit5.VertxTestContext) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Arrays(java.util.Arrays) TenantConstants(org.eclipse.hono.util.TenantConstants) LoggerFactory(org.slf4j.LoggerFactory) MultiMap(io.vertx.core.MultiMap) AtomicReference(java.util.concurrent.atomic.AtomicReference) Constants(org.eclipse.hono.util.Constants) Nested(org.junit.jupiter.api.Nested) Tenant(org.eclipse.hono.service.management.tenant.Tenant) Timeout(io.vertx.junit5.Timeout) CompositeFuture(io.vertx.core.CompositeFuture) Matcher(java.util.regex.Matcher) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) IntegrationTestSupport(org.eclipse.hono.tests.IntegrationTestSupport) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SearchResult(org.eclipse.hono.service.management.SearchResult) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Map(java.util.Map) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) JsonObject(io.vertx.core.json.JsonObject) Tenants(org.eclipse.hono.tests.Tenants) TypeReference(com.fasterxml.jackson.core.type.TypeReference) RegistryManagementConstants(org.eclipse.hono.util.RegistryManagementConstants) EnabledIf(org.junit.jupiter.api.condition.EnabledIf) Device(org.eclipse.hono.service.management.device.Device) RegistrationLimits(org.eclipse.hono.service.management.tenant.RegistrationLimits) ResourceLimits(org.eclipse.hono.util.ResourceLimits) Logger(org.slf4j.Logger) JacksonCodec(io.vertx.core.json.jackson.JacksonCodec) TenantWithId(org.eclipse.hono.service.management.tenant.TenantWithId) HttpHeaders(io.vertx.core.http.HttpHeaders) PublicKey(java.security.PublicKey) Truth.assertThat(com.google.common.truth.Truth.assertThat) Instant(java.time.Instant) VertxExtension(io.vertx.junit5.VertxExtension) TimeUnit(java.util.concurrent.TimeUnit) Test(org.junit.jupiter.api.Test) 
JsonArray(io.vertx.core.json.JsonArray) List(java.util.List) Adapter(org.eclipse.hono.util.Adapter) ChronoUnit(java.time.temporal.ChronoUnit) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Optional(java.util.Optional) Pattern(java.util.regex.Pattern) JsonArray(io.vertx.core.json.JsonArray) Tenant(org.eclipse.hono.service.management.tenant.Tenant) PublicKey(java.security.PublicKey) JsonObject(io.vertx.core.json.JsonObject) TrustedCertificateAuthority(org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority) Test(org.junit.jupiter.api.Test)

Aggregations

TrustedCertificateAuthority (org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority)12 Tenant (org.eclipse.hono.service.management.tenant.Tenant)11 JsonArray (io.vertx.core.json.JsonArray)10 JsonObject (io.vertx.core.json.JsonObject)10 Map (java.util.Map)10 TypeReference (com.fasterxml.jackson.core.type.TypeReference)9 Truth.assertThat (com.google.common.truth.Truth.assertThat)9 CompositeFuture (io.vertx.core.CompositeFuture)9 MultiMap (io.vertx.core.MultiMap)9 HttpHeaders (io.vertx.core.http.HttpHeaders)9 JacksonCodec (io.vertx.core.json.jackson.JacksonCodec)9 Timeout (io.vertx.junit5.Timeout)9 VertxExtension (io.vertx.junit5.VertxExtension)9 VertxTestContext (io.vertx.junit5.VertxTestContext)9 HttpURLConnection (java.net.HttpURLConnection)9 PublicKey (java.security.PublicKey)9 Instant (java.time.Instant)9 ChronoUnit (java.time.temporal.ChronoUnit)9 Arrays (java.util.Arrays)9 List (java.util.List)9