/** * Checks if this adapter is enabled for a given tenant. * * @param tenantConfig The tenant to check for. * @return A succeeded future if this adapter is enabled for the tenant. * Otherwise the future will be failed with a {@link ClientErrorException}. */ protected final Future<TenantObject> isAdapterEnabled(final TenantObject tenantConfig) { if (tenantConfig.isAdapterEnabled(getTypeName())) { LOG.debug("protocol adapter [{}] is enabled for tenant [{}]", getTypeName(), tenantConfig.getTenantId()); return Future.succeededFuture(tenantConfig); } else { LOG.debug("protocol adapter [{}] is disabled for tenant [{}]", getTypeName(), tenantConfig.getTenantId()); return Future.failedFuture(new ClientErrorException(HttpURLConnection.HTTP_FORBIDDEN, "adapter disabled for tenant")); } }
/** * Creates a TenantObject for a tenantId and the enabled property. * * @param tenantId The tenant for which the object is constructed. * @param enabled {@code true} if the tenant shall be enabled. * @return The TenantObject. * @throws NullPointerException if any of tenantId or enabled is {@code null}. */ public static TenantObject from(final String tenantId, final Boolean enabled) { Objects.requireNonNull(tenantId); Objects.requireNonNull(enabled); final TenantObject result = new TenantObject(); result.setTenantId(tenantId); result.setEnabled(enabled); return result; }
/** * Gets a property value. * * @param name The property name. * @param <T> The type of the property. * @return The property value or {@code null} if not set. * @throws NullPointerException if name is {@code null}. */ public <T> T getProperty(final String name) { return getProperty(json, name); }
return trustAnchor; } else { final X509Certificate cert = getTrustedCertificateAuthority(); if (cert != null) { trustAnchor = new TrustAnchor(cert, null); return trustAnchor; } else { return getTrustAnchorForPublicKey(getProperty(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA));
final int maxTtd = Optional.ofNullable(getAdapterConfiguration(typeName)).map(conf -> { return Optional.ofNullable(getProperty(conf, TenantConstants.FIELD_MAX_TTD)).map(obj -> { return (Integer) obj; }).orElse(TenantConstants.DEFAULT_MAX_TTD); }).orElse(Optional.ofNullable(getProperty(TenantConstants.FIELD_MAX_TTD)).map(obj -> { return (Integer) obj; }).orElse(TenantConstants.DEFAULT_MAX_TTD));
tenantTracker .compose(tenant -> { if (!tenant.isAdapterEnabled(Constants.PROTOCOL_ADAPTER_TYPE_AMQP)) { return Future.failedFuture(new CredentialException( String.format("AMQP adapter is disabled for Tenant [tenantId: %s]", tenant.getTenantId()))); .compose(ok -> { try { final TrustAnchor trustAnchor = tenantTracker.result().getTrustAnchor(); return getValidator().validate(Collections.singletonList(deviceCert), trustAnchor); } catch(final GeneralSecurityException e) { final String tenantId = tenantTracker.result().getTenantId(); final SubjectDnCredentials credentials = SubjectDnCredentials.create(tenantId, deviceCert.getSubjectX500Principal()); getCertificateAuthProvider().authenticate(credentials, currentSpan.context(), completer);
if (tenantConfigTracker.result().isAdapterEnabled(getTypeName())) { final MessageSender sender = senderTracker.result(); final Message msg = newMessage(
try { final TenantObject tenant = tenantSpec.mapTo(TenantObject.class); tenant.setTenantId(tenantId); final TenantObject conflictingTenant = getByCa(tenant.getTrustedCaSubjectDn()); if (conflictingTenant != null && !tenantId.equals(conflictingTenant.getTenantId())) {
private void addTenant(final JsonObject tenant) { try { final TenantObject tenantObject = tenant.mapTo(TenantObject.class); log.debug("loading tenant [{}]", tenantObject.getTenantId()); tenants.put(tenantObject.getTenantId(), tenantObject); } catch (final IllegalArgumentException e) { log.warn("cannot deserialize tenant", e); } }
/** * Verifies that the service finds an existing tenant by the subject DN of * its configured trusted certificate authority. * * @param ctx The vert.x test context. */ @Test public void testGetForCertificateAuthoritySucceeds(final TestContext ctx) { final X500Principal subjectDn = new X500Principal("O=Eclipse, OU=Hono, CN=ca"); final JsonObject trustedCa = new JsonObject() .put(TenantConstants.FIELD_PAYLOAD_SUBJECT_DN, subjectDn.getName(X500Principal.RFC2253)) .put(TenantConstants.FIELD_PAYLOAD_PUBLIC_KEY, "NOTAPUBLICKEY"); final JsonObject tenant = buildTenantPayload("tenant") .put(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA, trustedCa); addTenant("tenant", tenant).map(ok -> { getCompleteTenantService().get(subjectDn, null, ctx.asyncAssertSuccess(s -> { assertThat(s.getStatus(), is(HttpURLConnection.HTTP_OK)); final TenantObject obj = s.getPayload().mapTo(TenantObject.class); assertThat(obj.getTenantId(), is("tenant")); final JsonObject ca = obj.getProperty(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA); assertThat(ca, is(trustedCa)); })); return null; }); }
@Override public void get(final String tenantId, final Span span, final Handler<AsyncResult<TenantResult<JsonObject>>> resultHandler) { final TenantObject tenant = TenantObject.from(tenantId, true); tenant.setProperty("operation", "getById"); resultHandler.handle(Future.succeededFuture(TenantResult.from(HttpURLConnection.HTTP_OK, JsonObject.mapFrom(tenant)))); }
try { final TenantObject tenant = tenantSpec.mapTo(TenantObject.class); tenant.setTenantId(tenantId); final TenantObject conflictingTenant = getByCa(tenant.getTrustedCaSubjectDn()); if (conflictingTenant != null) {
.compose(tenant -> { try { final TrustAnchor trustAnchor = tenant.getTrustAnchor(); return certPathValidator.validate(chainToValidate, trustAnchor); } catch (final GeneralSecurityException e) {
/** * Sets the trusted certificate authority to use for authenticating * devices of this tenant. * * @param certificate The CA certificate. * @return This tenant for command chaining. * @throws NullPointerException if certificate is {@code null}. * @throws IllegalArgumentException if the certificate cannot be (binary) encoded. */ @JsonIgnore public TenantObject setTrustAnchor(final X509Certificate certificate) { Objects.requireNonNull(certificate); try { final JsonObject trustedCa = new JsonObject() .put(TenantConstants.FIELD_PAYLOAD_CERT, certificate.getEncoded()); setProperty(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA, trustedCa); return this; } catch (CertificateEncodingException e) { throw new IllegalArgumentException("cannot encode certificate"); } }
if (tenantConfigTracker.result().isAdapterEnabled(getTypeName())) { final MessageSender sender = senderTracker.result(); final Message msg = newMessage(
try { final TenantObject tenant = tenantSpec.mapTo(TenantObject.class); tenant.setTenantId(tenantId); final TenantObject conflictingTenant = getByCa(tenant.getTrustedCaSubjectDn()); if (conflictingTenant != null && !tenantId.equals(conflictingTenant.getTenantId())) {
private void addTenant(final JsonObject tenant) { try { final TenantObject tenantObject = tenant.mapTo(TenantObject.class); log.debug("loading tenant [{}]", tenantObject.getTenantId()); tenants.put(tenantObject.getTenantId(), tenantObject); } catch (final IllegalArgumentException e) { log.warn("cannot deserialize tenant", e); } }
@Override public void get(final String tenantId, final Span span, final Handler<AsyncResult<TenantResult<JsonObject>>> resultHandler) { final TenantObject tenant = TenantObject.from(tenantId, true); tenant.setProperty("operation", "getById"); resultHandler.handle(Future.succeededFuture(TenantResult.from(HttpURLConnection.HTTP_OK, JsonObject.mapFrom(tenant)))); }
return trustAnchor; } else { final X509Certificate cert = getTrustedCertificateAuthority(); if (cert != null) { trustAnchor = new TrustAnchor(cert, null); return trustAnchor; } else { return getTrustAnchorForPublicKey(getProperty(TenantConstants.FIELD_PAYLOAD_TRUSTED_CA));
final int maxTtd = Optional.ofNullable(getAdapterConfiguration(typeName)).map(conf -> { return Optional.ofNullable(getProperty(conf, TenantConstants.FIELD_MAX_TTD)).map(obj -> { return (Integer) obj; }).orElse(TenantConstants.DEFAULT_MAX_TTD); }).orElse(Optional.ofNullable(getProperty(TenantConstants.FIELD_MAX_TTD)).map(obj -> { return (Integer) obj; }).orElse(TenantConstants.DEFAULT_MAX_TTD));