use of org.eclipse.hono.util.CredentialsObject in project hono by eclipse.
the class CredentialsApiTests method testGetCredentialsSucceedsForNonExistingClientContext.
/**
* Verifies that a request for credentials using a client context succeeds if the credentials on record
* do not have any extension properties with keys matching the provided client context.
*
* @param ctx The vert.x test context.
*/
@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@Test
public void testGetCredentialsSucceedsForNonExistingClientContext(final VertxTestContext ctx) {

    final String deviceId = getHelper().getRandomDeviceId(tenantId);
    final String authId = UUID.randomUUID().toString();

    // The credentials on record carry a single extension property ("other") ...
    final CommonCredential credentials = getRandomHashedPasswordCredential(authId)
            .putExtension("other", "property");
    // ... while the client context only uses a key ("client-id") that the record does not define.
    final JsonObject clientContext = new JsonObject().put("client-id", "gateway-one");

    getHelper().registry.registerDevice(tenantId, deviceId)
            .compose(registered -> getHelper().registry.addCredentials(tenantId, deviceId, List.of(credentials)))
            .compose(added -> getClient().get(
                    tenantId,
                    CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD,
                    authId,
                    clientContext,
                    spanContext))
            .onComplete(ctx.succeeding(retrieved -> {
                // The lookup must succeed and return at least one secret, because no
                // extension key on the record matches the client context.
                ctx.verify(() -> assertThat(retrieved.getSecrets()).isNotEmpty());
                ctx.completeNow();
            }));
}
use of org.eclipse.hono.util.CredentialsObject in project hono by eclipse.
the class CredentialsApiAuthProvider method validateCredentials.
/**
* Verifies that the credentials provided by a device during the authentication
* process match the credentials on record for that device.
*
* @param deviceCredentials The credentials provided by the device.
* @param credentialsOnRecord The credentials to match against.
* @param spanContext The OpenTracing context to use for tracking the operation.
* @return A future that is succeeded with the authenticated device if the
* credentials have been validated successfully. Otherwise, the
* future is failed with a {@link ServiceInvocationException}.
*/
private Future<Device> validateCredentials(final T deviceCredentials, final CredentialsObject credentialsOnRecord, final SpanContext spanContext) {

    // Tag the span with tenant, auth-id and credentials type only; no secret material is logged here.
    final Span span = TracingHelper
            .buildServerChildSpan(tracer, spanContext, "validate credentials", getClass().getSimpleName())
            .withTag(MessageHelper.APP_PROPERTY_TENANT_ID, deviceCredentials.getTenantId())
            .withTag(TracingHelper.TAG_AUTH_ID.getKey(), deviceCredentials.getAuthId())
            .withTag(TracingHelper.TAG_CREDENTIALS_TYPE.getKey(), deviceCredentials.getType())
            .start();

    final Promise<Device> outcome = Promise.promise();

    if (!deviceCredentials.getAuthId().equals(credentialsOnRecord.getAuthId())) {
        // A record for a different auth-id is a fault of the credentials service, not of the
        // device: report a server error and never compare secrets against it.
        span.log(String.format("Credentials service returned wrong credentials-on-record [auth-id: %s]", credentialsOnRecord.getAuthId()));
        outcome.fail(new ServerErrorException(HttpURLConnection.HTTP_INTERNAL_ERROR));
    } else if (!deviceCredentials.getType().equals(credentialsOnRecord.getType())) {
        // Same reasoning for a record of a different credentials type.
        span.log(String.format("Credentials service returned wrong credentials-on-record [type: %s]", credentialsOnRecord.getType()));
        outcome.fail(new ServerErrorException(HttpURLConnection.HTTP_INTERNAL_ERROR));
    } else if (!credentialsOnRecord.isEnabled()) {
        // Disabled credentials are rejected before any secret is looked at.
        span.log("credentials-on-record are disabled");
        outcome.fail(new ClientErrorException(HttpURLConnection.HTTP_UNAUTHORIZED));
    } else {
        // Only a matching, enabled record reaches the type-specific secret comparison.
        doValidateCredentials(deviceCredentials, credentialsOnRecord).onComplete(outcome);
    }

    // Finish the span on both paths; a failure is passed on to the caller unchanged.
    return outcome.future()
            .map(authenticatedDevice -> {
                span.log("validation of credentials succeeded");
                span.finish();
                return authenticatedDevice;
            })
            .recover(cause -> {
                span.log("validation of credentials failed");
                TracingHelper.logError(span, cause);
                span.finish();
                return Future.failedFuture(cause);
            });
}
use of org.eclipse.hono.util.CredentialsObject in project hono by eclipse.
the class FileBasedCredentialsServiceTest method testLoadCredentialsCanReadOutputOfSaveToFile.
/**
* Verifies that the file written by the registry when persisting the registry's contents can
* be loaded in again.
*
* @param ctx The vert.x test context.
*/
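@SuppressWarnings({ "unchecked", "rawtypes" })
@Test
public void testLoadCredentialsCanReadOutputOfSaveToFile(final TestContext ctx) {

    // GIVEN a service configured to persist credentials to file
    // that contains some credentials
    props.setFilename(FILE_NAME);
    props.setSaveToFile(true);
    when(fileSystem.existsBlocking(FILE_NAME)).thenReturn(Boolean.TRUE);

    // one count per credential being added
    final Async add = ctx.async(2);
    // fixture values only ("secret", "sharedkey"); they are never used outside this test
    final CredentialsObject hashedPassword = CredentialsObject.fromHashedPassword(
            "4700", "bumlux", "secret", "sha-512", null, null, null);
    final CredentialsObject psk = CredentialsObject.fromPresharedKey(
            "4711", "sensor1", "sharedkey".getBytes(StandardCharsets.UTF_8), null, null);
    svc.add(Constants.DEFAULT_TENANT, JsonObject.mapFrom(psk), ctx.asyncAssertSuccess(s -> {
        ctx.assertEquals(HttpURLConnection.HTTP_CREATED, s.getStatus());
        add.countDown();
    }));
    svc.add("OTHER_TENANT", JsonObject.mapFrom(hashedPassword), ctx.asyncAssertSuccess(s -> {
        ctx.assertEquals(HttpURLConnection.HTTP_CREATED, s.getStatus());
        add.countDown();
    }));
    add.await(2000);

    // WHEN saving the registry content to the file and clearing the registry
    final Async write = ctx.async();
    doAnswer(invocation -> {
        // the mocked file system reports a successful write to the handler (3rd argument)
        Handler handler = invocation.getArgument(2);
        handler.handle(Future.succeededFuture());
        write.complete();
        return null;
    }).when(fileSystem).writeFile(eq(FILE_NAME), any(Buffer.class), any(Handler.class));
    svc.saveToFile();
    write.await(2000);

    // capture what the service wrote so that it can be fed back in below
    final ArgumentCaptor<Buffer> buffer = ArgumentCaptor.forClass(Buffer.class);
    verify(fileSystem).writeFile(eq(FILE_NAME), buffer.capture(), any(Handler.class));
    svc.clear();
    // The check has to use the tenant the PSK credential was added under. Passing
    // Constants.DEFAULT_PATH_SEPARATOR here would query a tenant that never held the
    // credential, so the assertion would pass even if clear() removed nothing.
    assertNotRegistered(svc, Constants.DEFAULT_TENANT, "sensor1", CredentialsConstants.SECRETS_TYPE_PRESHARED_KEY, ctx);

    // THEN the credentials can be loaded back in from the file
    final Async read = ctx.async();
    doAnswer(invocation -> {
        // the mocked file system hands the previously captured buffer to the handler (2nd argument)
        Handler handler = invocation.getArgument(1);
        handler.handle(Future.succeededFuture(buffer.getValue()));
        read.complete();
        return null;
    }).when(fileSystem).readFile(eq(FILE_NAME), any(Handler.class));
    svc.loadCredentials();
    read.await(2000);
    assertRegistered(svc, Constants.DEFAULT_TENANT, "sensor1", CredentialsConstants.SECRETS_TYPE_PRESHARED_KEY, ctx);
    assertRegistered(svc, "OTHER_TENANT", "bumlux", CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, ctx);
}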
use of org.eclipse.hono.util.CredentialsObject in project hono by eclipse.
the class BaseCredentialsService method processAddRequest.
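/**
 * Processes a request to add credentials.
 * <p>
 * The request payload comes from the caller and is treated as untrusted: a missing
 * tenant, a missing payload, a payload that cannot be bound to a {@link CredentialsObject}
 * or one that fails {@code isValid()} all produce the same <em>400 Bad Request</em> failure.
 *
 * @param request The request message.
 * @return A future that is failed with a {@link ClientErrorException} (status 400) if the
 *         request is rejected. Otherwise the future carries the response built from the
 *         result of the {@code add} operation.
 */
private Future<EventBusMessage> processAddRequest(final EventBusMessage request) {

    final String tenantId = request.getTenant();

    final CredentialsObject payload;
    try {
        payload = Optional.ofNullable(request.getJsonPayload())
                .map(json -> json.mapTo(CredentialsObject.class))
                .orElse(null);
    } catch (final IllegalArgumentException malformedPayload) {
        // mapTo signals a payload that does not fit CredentialsObject by throwing. Report
        // it as a failed future like every other bad request instead of letting the
        // exception escape; the binding error detail is not passed on to the client.
        return Future.failedFuture(new ClientErrorException(HttpURLConnection.HTTP_BAD_REQUEST));
    }

    if (tenantId == null || payload == null || !payload.isValid()) {
        return Future.failedFuture(new ClientErrorException(HttpURLConnection.HTTP_BAD_REQUEST));
    }

    final Future<CredentialsResult<JsonObject>> result = Future.future();
    add(tenantId, JsonObject.mapFrom(payload), result.completer());
    return result.map(res -> request.getResponse(res.getStatus())
            .setDeviceId(payload.getDeviceId())
            .setCacheDirective(res.getCacheDirective()));
}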
use of org.eclipse.hono.util.CredentialsObject in project hono by eclipse.
the class AbstractDeviceCredentialsTest method testValidateFailsIfCredentialsAreDisabled.
/**
* Verifies that credentials validation fails if the credentials on record are disabled.
*/
@Test
public void testValidateFailsIfCredentialsAreDisabled() {

    final AbstractDeviceCredentials presented = getDeviceCredentials("type", "identity", true);
    // NOTE(review): the trailing "false" is presumably the record's enabled flag; confirm against getCredentialsObject.
    // The secret's first timestamp lies 120 seconds in the past, the second one is left unset.
    final CredentialsObject credentialsOnRecord = getCredentialsObject("type", "identity", "device", false)
            .addSecret(CredentialsObject.emptySecret(Instant.now().minusSeconds(120), null));

    final boolean accepted = presented.validate(credentialsOnRecord);

    assertFalse(accepted);
}