use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class DeviceAndGatewayAutoProvisionerTest method init.
/**
* Initializes common fixture.
*
* @throws GeneralSecurityException if the self signed certificate cannot be created.
* @throws IOException if the self signed certificate cannot be read.
*/
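// The suppression presumably covers the raw any(Map.class) matcher in the sendEvent stubbing below.
@SuppressWarnings("unchecked")
@BeforeEach
public void init() throws GeneralSecurityException, IOException {
    // Fresh random identifiers per test so that fixtures never collide between test methods.
    tenantId = UUID.randomUUID().toString();
    deviceId = UUID.randomUUID().toString();
    commonName = UUID.randomUUID().toString();

    // Throw-away self-signed certificate that is registered below as the tenant's only trusted CA.
    final SelfSignedCertificate ssc = SelfSignedCertificate.create(
            String.format("%s,OU=Hono,O=Eclipse", commonName));
    // NOTE(review): the certificate is read back from a file path; if the generated key pair is
    // written to temporary files as well, confirm that they are removed after the test run.

    // This fixture runs before every test, so the stream is closed as soon as the certificate has
    // been parsed instead of leaving one open file handle behind per test method.
    try (FileInputStream certStream = new FileInputStream(ssc.certificatePath())) {
        cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certStream);
    }
    subjectDn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);

    final TrustedCertificateAuthority trustedCertificateAuthority = new TrustedCertificateAuthority()
            .setCertificate(cert.getEncoded());
    tenant = new Tenant().setTrustedCertificateAuthorities(List.of(trustedCertificateAuthority));

    deviceManagementService = mock(DeviceManagementService.class);
    credentialsManagementService = mock(CredentialsManagementService.class);

    // The event sender is stubbed to accept every event and report success.
    sender = mock(EventSender.class);
    when(sender.getMessagingType()).thenReturn(MessagingType.amqp);
    when(sender.sendEvent(
            any(TenantObject.class),
            any(RegistrationAssertion.class),
            anyString(),
            any(),
            any(Map.class),
            any()))
        .thenReturn(Future.succeededFuture());

    deviceAndGatewayAutoProvisioner = new DeviceAndGatewayAutoProvisioner(
            mock(Vertx.class),
            deviceManagementService,
            credentialsManagementService,
            new MessagingClientProvider<EventSender>().setClient(sender));
}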
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class DeviceRegistryUtilsTest method testTenantConversion.
/**
* Verifies the conversion of a {@link Tenant} instance to a {@link org.eclipse.hono.util.TenantObject}.
*/
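@Test
public void testTenantConversion() {
    final TenantTracingConfig tracingConfig = new TenantTracingConfig();
    tracingConfig.setSamplingMode(TracingSamplingMode.ALL);
    tracingConfig.setSamplingModePerAuthId(
            Map.of("authId1", TracingSamplingMode.ALL, "authId2", TracingSamplingMode.DEFAULT));

    // ca1 is inside its validity period: notBefore lies in the past, notAfter in the future.
    final TrustedCertificateAuthority ca1 = new TrustedCertificateAuthority()
            .setSubjectDn("CN=test.org")
            .setKeyAlgorithm("EC")
            .setPublicKey("NOT_A_PUBLIC_KEY".getBytes())
            .setNotBefore(Instant.now().minus(1, ChronoUnit.DAYS))
            .setNotAfter(Instant.now().plus(2, ChronoUnit.DAYS))
            .setAuthIdTemplate("auth-{{subject-cn}}")
            .setAutoProvisioningAsGatewayEnabled(true)
            .setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");
    // ca2 only becomes valid a day from now; the expected array below holds no entry for it.
    final TrustedCertificateAuthority ca2 = new TrustedCertificateAuthority()
            .setSubjectDn("CN=test.org")
            .setKeyAlgorithm("RSA")
            .setPublicKey("NOT_A_PUBLIC_KEY".getBytes())
            .setNotBefore(Instant.now().plus(1, ChronoUnit.DAYS))
            .setNotAfter(Instant.now().plus(20, ChronoUnit.DAYS))
            .setAuthIdTemplate("auth-{{subject-cn}}")
            .setAutoProvisioningAsGatewayEnabled(true)
            .setAutoProvisioningDeviceIdTemplate("device-{{subject-dn}}");

    final Tenant source = new Tenant();
    source.setEnabled(true);
    source.setTracing(tracingConfig);
    source.setDefaults(Map.of("ttl", 30));
    source.setExtensions(Map.of("custom", "value"));
    source.setTrustedCertificateAuthorities(List.of(ca1, ca2));

    final JsonObject tracingConfigJsonObject = new JsonObject();
    tracingConfigJsonObject.put(TenantConstants.FIELD_TRACING_SAMPLING_MODE, "all");
    final JsonObject tracingSamplingModeJsonObject = new JsonObject()
            .put("authId1", "all")
            .put("authId2", "default");
    tracingConfigJsonObject.put(
            TenantConstants.FIELD_TRACING_SAMPLING_MODE_PER_AUTH_ID,
            tracingSamplingModeJsonObject);

    final JsonArray expectedAuthorities = new JsonArray().add(new JsonObject()
            .put(TenantConstants.FIELD_PAYLOAD_SUBJECT_DN, "CN=test.org")
            .put(TenantConstants.FIELD_PAYLOAD_PUBLIC_KEY, "NOT_A_PUBLIC_KEY".getBytes())
            .put(TenantConstants.FIELD_PAYLOAD_KEY_ALGORITHM, "EC")
            .put(TenantConstants.FIELD_PAYLOAD_AUTH_ID_TEMPLATE, "auth-{{subject-cn}}")
            .put(TenantConstants.FIELD_AUTO_PROVISIONING_ENABLED, false));

    final JsonObject target = DeviceRegistryUtils.convertTenant("4711", source, true);

    assertThat(target.getString(TenantConstants.FIELD_PAYLOAD_TENANT_ID)).isEqualTo("4711");
    assertThat(target.getBoolean(TenantConstants.FIELD_ENABLED)).isTrue();
    assertThat(target.getJsonObject(TenantConstants.FIELD_TRACING)).isEqualTo(tracingConfigJsonObject);
    final JsonArray actualAuthorities = target.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA);
    assertThat(actualAuthorities).isEqualTo(expectedAuthorities);
    assertThat(target.getJsonArray(TenantConstants.FIELD_ADAPTERS)).isNull();

    final JsonObject defaults = target.getJsonObject(TenantConstants.FIELD_PAYLOAD_DEFAULTS);
    assertThat(defaults).isNotNull();
    assertThat(defaults.getInteger("ttl")).isEqualTo(30);

    final JsonObject extensions = target.getJsonObject(RegistryManagementConstants.FIELD_EXT);
    assertThat(extensions).isNotNull();
    assertThat(extensions.getString("custom")).isEqualTo("value");

    // Verify that the attributes internal to the device registry are not transferred to the
    // TenantObject. The check has to inspect the converted result: asserting on the hand-built
    // expectation would pass no matter what the conversion emits.
    final JsonObject convertedAuthority = actualAuthorities.getJsonObject(0);
    assertThat(convertedAuthority.containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISION_AS_GATEWAY))
            .isFalse();
    assertThat(convertedAuthority.containsKey(RegistryManagementConstants.FIELD_AUTO_PROVISIONING_DEVICE_ID_TEMPLATE))
            .isFalse();
}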
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup.
/**
* Verifies that the service successfully updates a tenant with a CA that is also used by
* an existing tenant that belongs to the same trust anchor group.
*
* @param context The Vert.x test context.
*/
@Test
public void testUpdateTenantSucceedsForCaSharedWithinTrustAnchorGroup(final VertxTestContext context) {

    // Skipped for registry implementations that do not support trust anchor groups.
    assumeTrue(
            IntegrationTestSupport.isTrustAnchorGroupsSupported(),
            "device registry does not support trust anchor groups");

    final PublicKey caKey = TenantApiTests.getRandomPublicKey();
    final TrustedCertificateAuthority sharedCa = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    // The same configuration (group plus CA) is used for the existing tenant and for the update.
    final Tenant groupMember = new Tenant()
            .setTrustAnchorGroup("test-group")
            .setTrustedCertificateAuthorities(List.of(sharedCa));

    final String tenantToUpdate = getHelper().getRandomTenantId();
    final String existingTenant = getHelper().getRandomTenantId();

    // 1. register a tenant that already owns the CA, 2. register a bare tenant,
    // 3. update the bare tenant to the same group and CA; the update must be accepted.
    getHelper().registry.addTenant(existingTenant, groupMember)
        .onFailure(context::failNow)
        .compose(created -> getHelper().registry.addTenant(tenantToUpdate))
        .onFailure(context::failNow)
        .compose(created -> getHelper().registry.updateTenant(
                tenantToUpdate,
                groupMember,
                HttpURLConnection.HTTP_NO_CONTENT))
        .onComplete(context.succeedingThenComplete());
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds.
/**
* Verifies that the service successfully creates a tenant from a request containing one trust anchor
* with an ID and another one without an ID.
*
* @param context The Vert.x test context.
*/
@Test
public void testAddTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {

    final PublicKey caKey = TenantApiTests.getRandomPublicKey();
    // First anchor carries an explicit ID ...
    final TrustedCertificateAuthority anchorWithId = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    // ... the second one is submitted with a null ID.
    final TrustedCertificateAuthority anchorWithoutId = Tenants.createTrustAnchor(
            null,
            "CN=test-dn-1",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant newTenant = new Tenant()
            .setTrustedCertificateAuthorities(List.of(anchorWithId, anchorWithoutId));
    final String newTenantId = getHelper().getRandomTenantId();

    getHelper().registry.addTenant(newTenantId, newTenant)
        .compose(created -> getHelper().registry.getTenant(newTenantId))
        .onComplete(context.succeeding(getResult -> {
            context.verify(() -> {
                final JsonObject body = getResult.bodyAsJsonObject();
                // NOTE(review): the size check reads the array via TenantConstants while the lookup
                // below uses RegistryManagementConstants; presumably both name the same field, confirm.
                assertThat(body.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
                final JsonArray storedAnchors =
                        body.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
                // The explicit ID is kept; the anchor submitted without an ID comes back with one.
                assertThat(storedAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID))
                        .isEqualTo("test-ca");
                assertNotNull(storedAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
            });
            context.completeNow();
        }));
}
use of org.eclipse.hono.service.management.tenant.TrustedCertificateAuthority in project hono by eclipse.
the class TenantManagementIT method testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds.
/**
* Verifies that the service successfully updates a tenant from a request containing one trust anchor
* with an ID and another one without an ID.
*
* @param context The Vert.x test context.
*/
@Test
public void testUpdateTenantSucceedsForConfigurationWithMissingTrustAnchorIds(final VertxTestContext context) {

    final PublicKey caKey = TenantApiTests.getRandomPublicKey();
    // First anchor carries an explicit ID ...
    final TrustedCertificateAuthority anchorWithId = Tenants.createTrustAnchor(
            "test-ca",
            "CN=test-dn",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    // ... the second one is submitted with a null ID.
    final TrustedCertificateAuthority anchorWithoutId = Tenants.createTrustAnchor(
            null,
            "CN=test-dn-1",
            caKey.getEncoded(),
            caKey.getAlgorithm(),
            Instant.now(),
            Instant.now().plus(365, ChronoUnit.DAYS));
    final Tenant tenantForUpdate = new Tenant()
            .setTrustedCertificateAuthorities(List.of(anchorWithId, anchorWithoutId));
    final String targetTenantId = getHelper().getRandomTenantId();

    // Start from an empty tenant, apply the update, then read the tenant back.
    getHelper().registry.addTenant(targetTenantId, new Tenant())
        .compose(created -> getHelper().registry.updateTenant(
                targetTenantId,
                tenantForUpdate,
                HttpURLConnection.HTTP_NO_CONTENT))
        .compose(updated -> getHelper().registry.getTenant(targetTenantId))
        .onComplete(context.succeeding(getResult -> {
            context.verify(() -> {
                final JsonObject body = getResult.bodyAsJsonObject();
                // NOTE(review): the size check reads the array via TenantConstants while the lookup
                // below uses RegistryManagementConstants; presumably both name the same field, confirm.
                assertThat(body.getJsonArray(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA)).hasSize(2);
                final JsonArray storedAnchors =
                        body.getJsonArray(RegistryManagementConstants.FIELD_PAYLOAD_TRUSTED_CA);
                // The explicit ID is kept; the anchor submitted without an ID comes back with one.
                assertThat(storedAnchors.getJsonObject(0).getString(RegistryManagementConstants.FIELD_ID))
                        .isEqualTo("test-ca");
                assertNotNull(storedAnchors.getJsonObject(1).getString(RegistryManagementConstants.FIELD_ID));
            });
            context.completeNow();
        }));
}