Examples with ResourceIdentifier org.eclipse.hono.util.ResourceIdentifier used on opensource projects

Example 26 with ResourceIdentifier

use of org.eclipse.hono.util.ResourceIdentifier in project hono by eclipse.

the class AbstractProtocolAdapterBaseTest method testValidateAddressUsesDeviceIdentityForAddressWithoutTenant.

/**
 * Verifies that the adapter uses an authenticated device's identity when validating an
 * address without a tenant ID.
 *
 * @param ctx The vert.x test context.
 */
@Test
public void testValidateAddressUsesDeviceIdentityForAddressWithoutTenant(final VertxTestContext ctx) {
    // WHEN an authenticated device publishes a message to an address that does not contain a tenant ID
    final Device authenticatedDevice = new Device("my-tenant", "4711");
    final ResourceIdentifier address = ResourceIdentifier.from(TelemetryConstants.TELEMETRY_ENDPOINT, "", "4712");
    adapter.validateAddress(address, authenticatedDevice).onComplete(ctx.succeeding(r -> ctx.verify(() -> {
        // THEN the validated address contains the authenticated device's tenant and device ID
        assertEquals("my-tenant", r.getTenantId());
        assertEquals("4712", r.getResourceId());
        ctx.completeNow();
    })));
}

Example 27 with ResourceIdentifier

use of org.eclipse.hono.util.ResourceIdentifier in project hono by eclipse.

the class VertxBasedAmqpProtocolAdapter method openCommandSenderLink.

private Future<CommandConsumer> openCommandSenderLink(final ProtonConnection connection, final ProtonSender sender, final ResourceIdentifier address, final Device authenticatedDevice, final Span span, final OptionalInt traceSamplingPriority) {
    return createCommandConsumer(sender, address, authenticatedDevice, span).map(consumer -> {
        final String tenantId = address.getTenantId();
        final String deviceId = address.getResourceId();
        sender.setSource(sender.getRemoteSource());
        sender.setTarget(sender.getRemoteTarget());
        sender.setQoS(ProtonQoS.AT_LEAST_ONCE);
        final Handler<AsyncResult<ProtonSender>> detachHandler = link -> {
            final Span detachHandlerSpan = newSpan("detach device command receiver link", authenticatedDevice, traceSamplingPriority);
            removeCommandSubscription(connection, address.toString());
            onLinkDetach(sender);
            closeCommandConsumer(consumer, address, authenticatedDevice, true, detachHandlerSpan).onComplete(v -> detachHandlerSpan.finish());
        };
        HonoProtonHelper.setCloseHandler(sender, detachHandler);
        HonoProtonHelper.setDetachHandler(sender, detachHandler);
        sender.open();
        // At this point, the remote peer's receiver link is successfully opened and is ready to receive
        // commands. Send "device ready for command" notification downstream.
        log.debug("established link [address: {}] for sending commands to device", address);
        sendConnectedTtdEvent(tenantId, deviceId, authenticatedDevice, span.context());
        registerCommandSubscription(connection, new CommandSubscription(consumer, address));
        return consumer;
    }).recover(t -> Future.failedFuture(new ServerErrorException(HttpURLConnection.HTTP_UNAVAILABLE, "cannot create command consumer")));
}

Example 28 with ResourceIdentifier

use of org.eclipse.hono.util.ResourceIdentifier in project hono by eclipse.

the class AbstractRequestResponseEndpointTest method getEndpoint.

private AbstractRequestResponseEndpoint<ServiceConfigProperties> getEndpoint() {
    final AbstractRequestResponseEndpoint<ServiceConfigProperties> endpoint = new AbstractRequestResponseEndpoint<>(vertx) {

        @Override
        public String getName() {
            return "test";
        }

        @Override
        protected boolean passesFormalVerification(final ResourceIdentifier targetAddress, final Message message) {
            return formalMessageVerification.apply(targetAddress, message);
        }

        @Override
        protected Future<Message> handleRequestMessage(final Message requestMessage, final ResourceIdentifier targetAddress, final SpanContext spanContext) {
            return requestMessageHandler.apply(requestMessage, targetAddress);
        }
    };
    endpoint.setConfiguration(new ServiceConfigProperties());
    endpoint.setAuthorizationService(authService);
    return endpoint;
}

Example 29 with ResourceIdentifier

use of org.eclipse.hono.util.ResourceIdentifier in project hono by eclipse.

the class SimpleAuthenticationServer method handleSenderOpen.

/**
 * Handles a request from a client to establish a link for receiving messages from this server.
 *
 * @param con the connection to the client.
 * @param sender the sender created for the link.
 */
@Override
protected void handleSenderOpen(final ProtonConnection con, final ProtonSender sender) {
    final Source remoteSource = sender.getRemoteSource();
    LOG.debug("client [{}] wants to open a link for receiving messages [address: {}]", con.getRemoteContainer(), remoteSource);
    if (!ResourceIdentifier.isValid(remoteSource.getAddress())) {
        handleUnknownEndpoint(con, sender, remoteSource.getAddress());
        return;
    }
    final ResourceIdentifier targetResource = ResourceIdentifier.fromString(remoteSource.getAddress());
    final AmqpEndpoint endpoint = getEndpoint(targetResource);
    if (endpoint == null) {
        handleUnknownEndpoint(con, sender, targetResource.toString());
    } else {
        final HonoUser user = Constants.getClientPrincipal(con);
        if (Constants.SUBJECT_ANONYMOUS.equals(user.getName())) {
            con.setCondition(ProtonHelper.condition(AmqpError.UNAUTHORIZED_ACCESS, "client must authenticate using SASL")).close();
        } else {
            sender.setSource(sender.getRemoteSource());
            endpoint.onLinkAttach(con, sender, targetResource);
        }
    }
}

Example 30 with ResourceIdentifier

use of org.eclipse.hono.util.ResourceIdentifier in project hono by eclipse.

the class AmqpServiceBaseTest method testHandleReceiverOpenRejectsUnauthorizedClient.

/**
 * Verifies that the service rejects sender links on resources that
 * the client is not authorized to write to.
 */
@Test
public void testHandleReceiverOpenRejectsUnauthorizedClient() {
    // GIVEN a server with a endpoint
    final ResourceIdentifier restrictedTargetAddress = ResourceIdentifier.from(ENDPOINT, "RESTRICTED_TENANT", null);
    final AmqpEndpoint endpoint = mock(AmqpEndpoint.class);
    when(endpoint.getName()).thenReturn(ENDPOINT);
    final AuthorizationService authService = mock(AuthorizationService.class);
    when(authService.isAuthorized(Constants.PRINCIPAL_ANONYMOUS, restrictedTargetAddress, Activity.WRITE)).thenReturn(Future.succeededFuture(Boolean.FALSE));
    final AmqpServiceBase<ServiceConfigProperties> server = createServer(endpoint);
    server.setAuthorizationService(authService);
    // WHEN a client connects to the server using a address for a tenant it is not authorized to write to
    final Target target = getTarget(restrictedTargetAddress);
    final ProtonReceiver receiver = mock(ProtonReceiver.class);
    when(receiver.getRemoteTarget()).thenReturn(target);
    when(receiver.setCondition(any())).thenReturn(receiver);
    server.handleReceiverOpen(newConnection(Constants.PRINCIPAL_ANONYMOUS), receiver);
    // THEN the server closes the link with the client
    verify(receiver).close();
}