/**
 * Returns the validator used for checking device certificates,
 * creating it on first use.
 * <p>
 * NOTE(review): the lazy initialization is not synchronized. Two threads
 * calling this concurrently could each create a validator; confirm that
 * callers are confined to a single thread.
 *
 * @return The validator instance held in {@code certValidator}.
 */
private DeviceCertificateValidator getValidator() {
    if (certValidator != null) {
        return certValidator;
    }
    // first call: create the default validator and keep it for later calls
    certValidator = new DeviceCertificateValidator();
    return certValidator;
}
} // closes the enclosing type, whose header is outside this excerpt
try { final TrustAnchor trustAnchor = tenant.getTrustAnchor(); return certPathValidator.validate(chainToValidate, trustAnchor); } catch (final GeneralSecurityException e) { return Future.failedFuture(e);
try { final TrustAnchor trustAnchor = tenantTracker.result().getTrustAnchor(); return getValidator().validate(Collections.singletonList(deviceCert), trustAnchor); } catch(final GeneralSecurityException e) { return Future.failedFuture(e);
/**
 * Creates a new handler for an authentication provider and a
 * Tenant service client.
 * <p>
 * Device certificates are checked by a newly created default
 * {@link DeviceCertificateValidator}. The validation policy is therefore
 * whatever that default implements. The four-argument constructor accepts
 * a validator supplied by the caller instead.
 *
 * @param authProvider The authentication provider to use for verifying
 *                     the device identity.
 * @param tenantServiceClient The client to use for determining the tenant
 *                            that the device belongs to.
 * @param tracer The tracer to use for tracking request processing
 *               across process boundaries.
 * @throws NullPointerException if tenant client is {@code null}.
 */
public X509AuthHandler(
        final HonoClientBasedAuthProvider authProvider,
        final HonoClient tenantServiceClient,
        final Tracer tracer) {

    // delegate to the constructor that takes an explicit certificate validator
    this(
            authProvider,
            tenantServiceClient,
            tracer,
            new DeviceCertificateValidator());
}
final TrustAnchor trustAnchor = tenant.getTrustAnchor(); final List<X509Certificate> chainToValidate = Collections.singletonList(deviceCert); return certPathValidator.validate(chainToValidate, trustAnchor) .recover(t -> Future.failedFuture(UNAUTHORIZED)); } catch (final GeneralSecurityException e) {
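/**
 * Creates a new instance for a Tenant service client.
 * <p>
 * Device certificates are checked by a newly created default
 * {@link DeviceCertificateValidator}.
 *
 * @param tenantServiceClient The client to use for retrieving Tenant information.
 * @param tracer The <em>OpenTracing</em> tracer to use for tracking the process of
 *               authenticating the client. If {@code null}, a no-op tracer is
 *               used instead.
 */
public TenantServiceBasedX509Authentication(
        final HonoClient tenantServiceClient,
        final Tracer tracer) {

    // Pass the caller's tracer on to the delegated constructor. Handing over a
    // no-op tracer unconditionally would discard the documented argument, and
    // certificate-based authentication would presumably be missing from the
    // caller's request traces. A null tracer falls back to the no-op tracer so
    // that callers which pass null keep working.
    this(
            tenantServiceClient,
            tracer != null ? tracer : NoopTracerFactory.create(),
            new DeviceCertificateValidator());
}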