/**
 * Returns the auth provider used for username/password credentials, creating it on first use.
 * <p>
 * The provider is built from the adapter's Credentials service client, config and tracer
 * and cached in {@code usernamePasswordAuthProvider}.
 * NOTE(review): the check-then-create is not synchronized; this presumably relies on being
 * invoked from a single vert.x context — confirm if it can be reached from several threads.
 *
 * @return The cached provider.
 */
private HonoClientBasedAuthProvider<UsernamePasswordCredentials> getUsernamePasswordAuthProvider() {
    if (usernamePasswordAuthProvider != null) {
        return usernamePasswordAuthProvider;
    }
    usernamePasswordAuthProvider = new UsernamePasswordAuthProvider(credentialsServiceClient, config, tracer);
    return usernamePasswordAuthProvider;
}
/**
 * Parses credentials from a request by running the registered handlers in order.
 * <p>
 * Delegates to {@code iterate}, starting at the first handler. The third argument is
 * {@code null} on this first step — presumably the failure of a previous handler, which
 * does not exist yet; confirm against {@code iterate}, which is outside this view.
 *
 * @param context The routing context of the request being authenticated.
 * @param handler The handler to notify with the parsed credentials or the failure.
 */
@Override
public void parseCredentials(final RoutingContext context, final Handler<AsyncResult<JsonObject>> handler) {
    final int firstHandlerIndex = 0;
    iterate(firstHandlerIndex, context, null, handler);
}
/**
 * Returns the certificate validator, creating a default {@link DeviceCertificateValidator}
 * on first use and caching it in {@code certValidator}.
 * <p>
 * NOTE(review): the lazy initialization is not synchronized; confirm this is only called
 * from a single vert.x context.
 *
 * @return The validator.
 */
private DeviceCertificateValidator getValidator() {
    if (certValidator != null) {
        return certValidator;
    }
    certValidator = new DeviceCertificateValidator();
    return certValidator;
}
}
/**
 * Verifies that in single tenant mode the tenant is automatically set to
 * {@link Constants#DEFAULT_TENANT} while user name and password are taken over unchanged.
 */
@Test
public void testTenantFromUserSingleTenant() {
    final boolean singleTenant = true;
    final UsernamePasswordCredentials credentials =
            UsernamePasswordCredentials.create(TEST_USER, TEST_PASSWORD, singleTenant);

    // the created object reports the hashed-password credentials type
    assertEquals(CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, credentials.getType());
    // no "@tenantId" suffix is required in single tenant mode: the default tenant is used
    assertEquals(Constants.DEFAULT_TENANT, credentials.getTenantId());
    assertEquals(TEST_USER, credentials.getAuthId());
    assertEquals(TEST_PASSWORD, credentials.getPassword());
}
}
/**
 * Creates the default auth handler used for authenticating devices.
 * <p>
 * The handler is a {@link ChainAuthHandler} with two members, appended in this order:
 * <ol>
 * <li>an {@link X509AuthHandler} backed by a {@link TenantServiceBasedX509Authentication}
 * and an {@link X509AuthProvider}, i.e. client certificate based authentication,</li>
 * <li>a {@link ConnectPacketAuthHandler} backed by a {@link UsernamePasswordAuthProvider},
 * i.e. username/password taken from the MQTT CONNECT packet.</li>
 * </ol>
 * Both members share this adapter's Tenant/Credentials service clients, config and tracer.
 * NOTE(review): whether the chain falls through to the second member when the first one
 * fails is defined by {@link ChainAuthHandler}, not here — confirm before relying on it.
 * <p>
 * Subclasses may either set the auth handler explicitly using
 * {@link #setAuthHandler(AuthHandler)} or override this method in order to
 * create a custom auth handler.
 *
 * @return The handler.
 */
protected AuthHandler<MqttContext> createAuthHandler() {
    final X509AuthHandler certificateHandler = new X509AuthHandler(
            new TenantServiceBasedX509Authentication(getTenantServiceClient(), tracer),
            new X509AuthProvider(getCredentialsServiceClient(), getConfig(), tracer));
    final ConnectPacketAuthHandler connectPacketHandler = new ConnectPacketAuthHandler(
            new UsernamePasswordAuthProvider(getCredentialsServiceClient(), getConfig(), tracer));
    return new ChainAuthHandler<MqttContext>()
            .append(certificateHandler)
            .append(connectPacketHandler);
}
/**
 * Retrieves the credentials on record for the identity a device has presented.
 * <p>
 * The lookup is scoped by the tenant, type and auth-id taken from the device-supplied
 * credentials, so the Credentials API is only asked for the record matching the identity
 * the device claims. Verifying the presented secret against that record is not done here.
 *
 * @param deviceCredentials The credentials provided by the device.
 * @return A future containing the credentials on record as retrieved from
 *         Hono's <em>Credentials</em> API, or a failed future carrying an
 *         {@link IllegalStateException} if no Credentials API client has been set.
 * @throws NullPointerException if device credentials is {@code null}.
 */
protected final Future<CredentialsObject> getCredentialsForDevice(final DeviceCredentials deviceCredentials) {
    Objects.requireNonNull(deviceCredentials);
    if (credentialsServiceClient == null) {
        // fail the future instead of throwing so that callers composing futures see one error path
        return Future.failedFuture(new IllegalStateException("Credentials API client is not set"));
    }
    final String tenantId = deviceCredentials.getTenantId();
    return getCredentialsClient(tenantId)
            .compose(client -> client.get(deviceCredentials.getType(), deviceCredentials.getAuthId()));
}
/**
 * Verifies that in multi tenant mode no credentials object is created (the result is
 * {@code null}) when the username carries no tenantId.
 */
@Test
public void testTenantFromUserMultiTenantWrongUsername() {
    final boolean singleTenant = false;
    // TEST_USER has no "@tenantId" suffix, which multi tenant mode requires
    final UsernamePasswordCredentials credentials =
            UsernamePasswordCredentials.create(TEST_USER, TEST_PASSWORD, singleTenant);
    assertNull(credentials);
}
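/**
 * Creates credentials for a tenant and subject DN given as a string.
 * <p>
 * The string is parsed into an {@link X500Principal} first, so the resulting
 * credentials carry the DN in the same normalized form as the
 * {@link X500Principal} based factory method.
 *
 * @param tenantId The tenant that the device belongs to.
 * @param subjectDn The subject DN of the device's client certificate, as a
 *                  distinguished name string accepted by {@link X500Principal#X500Principal(String)}.
 * @return The credentials.
 * @throws NullPointerException if any of the parameters are {@code null}.
 * @throws IllegalArgumentException if the subject DN string cannot be parsed as a
 *         distinguished name (raised by the {@link X500Principal} constructor) — callers
 *         handling DNs taken from untrusted input should expect this.
 */
public static SubjectDnCredentials create(final String tenantId, final String subjectDn) {
    Objects.requireNonNull(tenantId);
    Objects.requireNonNull(subjectDn);
    return create(tenantId, new X500Principal(subjectDn));
}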
/**
 * Returns the auth provider used for client certificate (subject DN) credentials,
 * creating an {@link X509AuthProvider} on first use and caching it in {@code clientCertAuthProvider}.
 * <p>
 * NOTE(review): the lazy initialization is not synchronized; confirm this is only
 * reached from a single vert.x context.
 *
 * @return The cached provider.
 */
private HonoClientBasedAuthProvider<SubjectDnCredentials> getCertificateAuthProvider() {
    if (clientCertAuthProvider != null) {
        return clientCertAuthProvider;
    }
    clientCertAuthProvider = new X509AuthProvider(credentialsServiceClient, config, tracer);
    return clientCertAuthProvider;
}
/**
 * Checks whether an already authenticated user is authorized and, if so, continues the route.
 * <p>
 * On a failed authorization the request is terminated via {@code processException} with
 * the failure's cause; the next handler in the route is only reached on success.
 *
 * @param ctx The routing context of the request.
 * @param user The authenticated user to authorize.
 */
private void authorizeUser(final RoutingContext ctx, final User user) {
    authorize(user, outcome -> {
        if (outcome.succeeded()) {
            // allowed, hand over to the next handler in the route
            ctx.next();
        } else {
            processException(ctx, outcome.cause());
        }
    });
}
/**
 * Creates credentials for a tenant and subject DN.
 * <p>
 * The DN is serialized in RFC 2253 form before it is stored as the auth-id, so the
 * same certificate subject always yields the same string regardless of how the
 * principal was originally written (presumably to match how subject DNs are registered
 * on record — confirm against the Credentials service).
 *
 * @param tenantId The tenant that the device belongs to.
 * @param subjectDn The subject DN of the device's client certificate.
 * @return The credentials.
 * @throws NullPointerException if any of the parameters are {@code null}.
 */
public static SubjectDnCredentials create(final String tenantId, final X500Principal subjectDn) {
    Objects.requireNonNull(tenantId);
    Objects.requireNonNull(subjectDn);
    final String rfc2253Dn = subjectDn.getName(X500Principal.RFC2253);
    return new SubjectDnCredentials(tenantId, rfc2253Dn);
}
/**
 * Authenticates the device that sent the CONNECT packet using the configured auth handler.
 * <p>
 * NOTE(review): {@code currentSpan} is not passed on to the auth handler here — confirm
 * whether the handler picks the span up from the context, otherwise authentication is
 * not covered by the trace.
 *
 * @param connectContext The context of the CONNECT packet.
 * @param currentSpan The span covering the connection attempt (currently unused here).
 * @return A future with the authenticated device, as produced by the auth handler.
 */
private Future<DeviceUser> authenticate(final MqttContext connectContext, final Span currentSpan) {
    final Future<DeviceUser> outcome = authHandler.authenticateDevice(connectContext);
    return outcome;
}
/**
 * Binds subject DN credentials to the device registered for them.
 * <p>
 * There is no secret to compare for X.509 based credentials: the client certificate is
 * presumably verified against the tenant's trust anchor before this point (that check is
 * outside this view). This step only takes the tenant from the presented credentials and
 * the device id from the record found for the subject DN.
 *
 * @param deviceCredentials The credentials presented by the device.
 * @param credentialsOnRecord The credentials on record for the presented subject DN.
 * @return A succeeded future containing the device.
 */
@Override
protected Future<Device> doValidateCredentials(
        final SubjectDnCredentials deviceCredentials,
        final CredentialsObject credentialsOnRecord) {
    final String tenantId = deviceCredentials.getTenantId();
    final String deviceId = credentialsOnRecord.getDeviceId();
    return Future.succeededFuture(new Device(tenantId, deviceId));
}
}
/**
 * Verifies that the provider refuses to authenticate a device with an
 * {@link IllegalStateException} when not running on a vert.x Context.
 *
 * @param ctx The vert.x test context.
 */
@Test
public void testAuthenticateRequiresVertxContext(final TestContext ctx) {
    // this test thread has no vert.x Context, so the attempt must fail rather than proceed
    provider.authenticate(deviceCredentials, null, ctx.asyncAssertFailure(cause -> {
        ctx.assertTrue(IllegalStateException.class.isInstance(cause));
    }));
}
/**
 * Verifies that in multi tenant mode a username of the form userId@tenantId is split
 * into auth-id and tenant, with the password and credentials type set accordingly.
 */
@Test
public void testTenantFromUserMultiTenant() {
    final boolean singleTenant = false;
    final UsernamePasswordCredentials credentials =
            UsernamePasswordCredentials.create(TEST_USER_OTHER_TENANT, TEST_PASSWORD, singleTenant);

    // the part after '@' becomes the tenant, the part before it the auth-id
    assertEquals(TEST_OTHER_TENANT, credentials.getTenantId());
    assertEquals(TEST_USER, credentials.getAuthId());
    assertEquals(CredentialsConstants.SECRETS_TYPE_HASHED_PASSWORD, credentials.getType());
    assertEquals(TEST_PASSWORD, credentials.getPassword());
}
/**
 * Verifies that in multi tenant mode no credentials object is created (the result is
 * {@code null}) when the username does not follow the authId@tenantId structure.
 */
@Test
public void testTenantFromUserMultiTenantWrongUsernameStructure() {
    final boolean singleTenant = false;
    // '/' is not the expected '@' separator between auth-id and tenant
    final String malformedUsername = "user/tenant";
    final UsernamePasswordCredentials credentials =
            UsernamePasswordCredentials.create(malformedUsername, TEST_PASSWORD, singleTenant);
    assertNull(credentials);
}
/**
 * Creates a new handler for an authentication provider and a
 * Tenant service client, using a default {@link DeviceCertificateValidator}.
 * <p>
 * This constructor only delegates to the four-argument constructor (outside this
 * view), which is where the arguments are checked and stored.
 * NOTE(review): {@code authProvider} is declared as a raw type here; a parameterized
 * {@code HonoClientBasedAuthProvider<...>} would let the compiler check the credentials type.
 *
 * @param authProvider The authentication provider to use for verifying
 *                     the device identity.
 * @param tenantServiceClient The client to use for determining the tenant
 *                            that the device belongs to.
 * @param tracer The tracer to use for tracking request processing
 *               across process boundaries.
 * @throws NullPointerException if tenant client is {@code null}.
 */
public X509AuthHandler(
        final HonoClientBasedAuthProvider authProvider,
        final HonoClient tenantServiceClient,
        final Tracer tracer) {
    // the validator is the only thing this overload adds; everything else is passed through
    this(authProvider, tenantServiceClient, tracer, new DeviceCertificateValidator());
}
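/**
 * Creates credentials for a tenant and subject DN given as a string.
 * <p>
 * The string is parsed into an {@link X500Principal} first, so the resulting
 * credentials carry the DN in the same normalized form as the
 * {@link X500Principal} based factory method.
 *
 * @param tenantId The tenant that the device belongs to.
 * @param subjectDn The subject DN of the device's client certificate, as a
 *                  distinguished name string accepted by {@link X500Principal#X500Principal(String)}.
 * @return The credentials.
 * @throws NullPointerException if any of the parameters are {@code null}.
 * @throws IllegalArgumentException if the subject DN string cannot be parsed as a
 *         distinguished name (raised by the {@link X500Principal} constructor) — callers
 *         handling DNs taken from untrusted input should expect this.
 */
public static SubjectDnCredentials create(final String tenantId, final String subjectDn) {
    Objects.requireNonNull(tenantId);
    Objects.requireNonNull(subjectDn);
    return create(tenantId, new X500Principal(subjectDn));
}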
/**
 * Creates credentials for a tenant and subject DN.
 * <p>
 * The DN is serialized in RFC 2253 form before it is stored as the auth-id, so the
 * same certificate subject always yields the same string regardless of how the
 * principal was originally written (presumably to match how subject DNs are registered
 * on record — confirm against the Credentials service).
 *
 * @param tenantId The tenant that the device belongs to.
 * @param subjectDn The subject DN of the device's client certificate.
 * @return The credentials.
 * @throws NullPointerException if any of the parameters are {@code null}.
 */
public static SubjectDnCredentials create(final String tenantId, final X500Principal subjectDn) {
    Objects.requireNonNull(tenantId);
    Objects.requireNonNull(subjectDn);
    final String rfc2253Dn = subjectDn.getName(X500Principal.RFC2253);
    return new SubjectDnCredentials(tenantId, rfc2253Dn);
}
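/**
 * Creates a new instance for a Tenant service client, using a default
 * {@link DeviceCertificateValidator}.
 * <p>
 * The tracer given by the caller is passed through to the three-argument constructor
 * (outside this view). Previously a fresh no-op tracer was used instead, silently
 * dropping the caller's tracer; a no-op tracer is now only substituted when
 * {@code tracer} is {@code null}, so existing callers passing {@code null} keep working.
 *
 * @param tenantServiceClient The client to use for retrieving Tenant information.
 * @param tracer The <em>OpenTracing</em> tracer to use for tracking the process of
 *               authenticating the client, or {@code null} to disable tracing.
 */
public TenantServiceBasedX509Authentication(
        final HonoClient tenantServiceClient,
        final Tracer tracer) {
    this(tenantServiceClient,
            tracer != null ? tracer : NoopTracerFactory.create(),
            new DeviceCertificateValidator());
}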