use of org.eclipse.hono.util.Adapter in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForNonMatchingTrustAnchor.
/**
* Verifies that the adapter fails to authenticate a device if the device's client certificate's signature cannot be
* validated using the trust anchor that is registered for the tenant that the device belongs to.
*
* @param ctx The test context.
* @throws GeneralSecurityException if the tenant's trust anchor cannot be generated
*/
@Test
public void testConnectFailsForNonMatchingTrustAnchor(final VertxTestContext ctx) throws GeneralSecurityException {

    final String tenantId = helper.getRandomTenantId();
    final String deviceId = helper.getRandomDeviceId(tenantId);
    // key pair that is generated independently of the device's certificate
    final KeyPair unrelatedKeyPair = helper.newEcKeyPair();
    final SelfSignedCertificate clientCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    helper.getCertificate(clientCert.certificatePath())
        .compose(x509 -> {
            // GIVEN a tenant whose trust anchor combines the certificate's subject DN
            // with the public key of the unrelated key pair, so the DN matches but
            // the certificate's signature cannot be verified with the registered key
            final Tenant tenant = Tenants.createTenantForTrustAnchor(
                    x509.getSubjectX500Principal(),
                    unrelatedKeyPair.getPublic());
            return helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, x509);
        })
        // WHEN the device connects using the client certificate that cannot be
        // validated using the trust anchor registered for the device's tenant
        .compose(registered -> connectToAdapter(clientCert))
        .onComplete(ctx.failing(error -> {
            // THEN the connection is not established
            // NOTE(review): only the exception type is checked; a SaslException raised
            // for any other reason would satisfy this assertion as well
            ctx.verify(() -> assertThat(error).isInstanceOf(SaslException.class));
            ctx.completeNow();
        }));
}
use of org.eclipse.hono.util.Adapter in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsIfAutoProvisioningIsDisabled.
/**
* Verifies that the adapter rejects connection attempts from an unknown device for which auto-provisioning is
* disabled.
*
* @param ctx The test context
*/
@Test
public void testConnectFailsIfAutoProvisioningIsDisabled(final VertxTestContext ctx) {

    final String tenantId = helper.getRandomTenantId();
    final SelfSignedCertificate clientCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    helper.getCertificate(clientCert.certificatePath())
        .compose(x509 -> {
            // GIVEN a tenant configured with a trust anchor that does not allow
            // auto-provisioning; only the tenant is added, no device is registered
            final var tenant = Tenants.createTenantForTrustAnchor(x509);
            final var trustAnchor = tenant.getTrustedCertificateAuthorities().get(0);
            trustAnchor.setAutoProvisioningEnabled(false);
            return helper.registry.addTenant(tenantId, tenant);
        })
        // WHEN the unregistered device connects using the certificate that the
        // tenant's trust anchor was created from
        .compose(tenantAdded -> connectToAdapter(clientCert))
        .onComplete(ctx.failing(error -> {
            // THEN the connection is refused
            // NOTE(review): the assertion cannot tell a rejection caused by disabled
            // auto-provisioning from any other SASL failure
            ctx.verify(() -> assertThat(error).isInstanceOf(SaslException.class));
            ctx.completeNow();
        }));
}
use of org.eclipse.hono.util.Adapter in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForUnsupportedTlsSecurityParameters.
/**
* Verifies that the adapter rejects a connection attempt from a registered device if the device uses an unsupported
* set of TLS security parameters.
*
* @param tlsVersion The TLS protocol version to use for connecting to the adapter.
* @param cipherSuite The TLS cipher suite to use for connecting to the adapter.
* @param ctx The test context
*/
@ParameterizedTest(name = IntegrationTestSupport.PARAMETERIZED_TEST_NAME_PATTERN)
@CsvSource(value = {
    IntegrationTestSupport.TLS_VERSION_1_2 + ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    IntegrationTestSupport.TLS_VERSION_1_3 + ",TLS_AES_256_GCM_SHA384"
})
public void testConnectFailsForUnsupportedTlsSecurityParameters(
        final String tlsVersion,
        final String cipherSuite,
        final VertxTestContext ctx) {

    // GIVEN a registered device and a client that is restricted to a combination of
    // TLS version and cipher suite that is not supported by the AMQP adapter
    // NOTE(review): which suites count as unsupported presumably depends on the
    // adapter configuration used by the integration test environment - confirm there
    final String tenantId = helper.getRandomTenantId();
    final String deviceId = helper.getRandomDeviceId(tenantId);
    // throwaway credential for the randomly named test device
    final String password = "secret";
    final Tenant tenant = new Tenant();

    helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, password)
        // WHEN the client connects with otherwise valid credentials
        .compose(registered -> {
            final String username = IntegrationTestSupport.getUsername(deviceId, tenantId);
            return connectToAdapter(tlsVersion, cipherSuite, username, password);
        })
        .onComplete(ctx.failing(error -> {
            // THEN the TLS handshake fails
            ctx.verify(() -> assertThat(error).isInstanceOf(SSLHandshakeException.class));
            ctx.completeNow();
        }));
}
use of org.eclipse.hono.util.Adapter in project hono by eclipse.
the class AmqpConnectionIT method testConnectFailsForInvalidUsernamePattern.
/**
* Verifies that the AMQP Adapter will fail to authenticate a device whose username does not match the expected pattern
* {@code [<authId>@<tenantId>]}.
*
* @param ctx The Vert.x test context.
*/
@Test
public void testConnectFailsForInvalidUsernamePattern(final VertxTestContext ctx) {

    // GIVEN an adapter with a registered device
    final String tenantId = helper.getRandomTenantId();
    final String deviceId = helper.getRandomDeviceId(tenantId);
    // throwaway credential for the randomly named test device
    final String password = "secret";
    final Tenant tenant = new Tenant();

    helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, password)
        // WHEN the device connects with the correct password but passes the bare
        // device ID, i.e. without the "@<tenantId>" part
        // (presumably the first argument is used as the SASL username - confirm
        // against connectToAdapter)
        .compose(registered -> connectToAdapter(deviceId, password))
        .onComplete(ctx.failing(error -> {
            // THEN the SASL handshake fails
            ctx.verify(() -> assertThat(error).isInstanceOf(SaslException.class));
            ctx.completeNow();
        }));
}
use of org.eclipse.hono.util.Adapter in project hono by eclipse.
the class AmqpConnectionIT method testConnectX509SucceedsUsingSni.
/**
* Verifies that an attempt to open a connection using a valid X.509 client certificate succeeds
* for a device belonging to a tenant that uses the same trust anchor as another tenant.
*
* @param tlsVersion The TLS protocol version to use for connecting to the adapter.
* @param ctx The test context
*/
@ParameterizedTest(name = IntegrationTestSupport.PARAMETERIZED_TEST_NAME_PATTERN)
@ValueSource(strings = { IntegrationTestSupport.TLS_VERSION_1_2, IntegrationTestSupport.TLS_VERSION_1_3 })
public void testConnectX509SucceedsUsingSni(final String tlsVersion, final VertxTestContext ctx) {

    // the test is skipped if the registry cannot share a trust anchor between tenants
    assumeTrue(
            IntegrationTestSupport.isTrustAnchorGroupsSupported(),
            "device registry does not support trust anchor groups");

    final String tenantId = helper.getRandomTenantId();
    final String deviceId = helper.getRandomDeviceId(tenantId);
    final SelfSignedCertificate clientCert = SelfSignedCertificate.create(deviceId + ".iot.eclipse.org");

    helper.getCertificate(clientCert.certificatePath())
        // GIVEN another tenant that uses the certificate as its trust anchor
        // and belongs to trust anchor group "test-group"
        .compose(x509 -> {
            final var otherTenant = Tenants.createTenantForTrustAnchor(x509).setTrustAnchorGroup("test-group");
            return helper.registry.addTenant(helper.getRandomTenantId(), otherTenant).map(x509);
        })
        // AND the device's own tenant, which uses the same trust anchor and group
        .compose(x509 -> {
            final var deviceTenant = Tenants.createTenantForTrustAnchor(x509).setTrustAnchorGroup("test-group");
            return helper.registry.addDeviceForTenant(tenantId, deviceTenant, deviceId, x509);
        })
        // WHEN the device connects to a host name that is prefixed with its tenant ID
        // (presumably sent via SNI so that the adapter can tell the two tenants
        // apart - confirm against connectToAdapter)
        .compose(registered -> {
            final String hostName = tenantId + "." + IntegrationTestSupport.AMQP_HOST;
            return connectToAdapter(hostName, clientCert, tlsVersion);
        })
        .onComplete(ctx.succeeding(connection -> {
            // THEN the connection is established
            ctx.verify(() -> assertThat(connection.isDisconnected()).isFalse());
            ctx.completeNow();
        }));
}