Package org.eclipse.hono.adapter.mqtt
Class X509AuthHandler
java.lang.Object
  org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler<MqttConnectContext>
    org.eclipse.hono.adapter.mqtt.X509AuthHandler

All Implemented Interfaces:
AuthHandler<MqttConnectContext>
public class X509AuthHandler extends ExecutionContextAuthHandler<MqttConnectContext>
A handler for authenticating an MQTT client using an X.509 client certificate.
On successful validation of the certificate, its subject DN is used to retrieve X.509 credentials for the device in order to determine the corresponding device identifier.
Field Summary
Fields inherited from class org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler
log, PROPERTY_CLIENT_IDENTIFIER
Constructor Summary
Constructors
- X509AuthHandler(X509Authentication clientAuth, DeviceCredentialsAuthProvider<SubjectDnCredentials> authProvider)
  Creates a new handler.
- X509AuthHandler(X509Authentication clientAuth, DeviceCredentialsAuthProvider<SubjectDnCredentials> authProvider, PreCredentialsValidationHandler<MqttConnectContext> preCredentialsValidationHandler)
  Creates a new handler.
Method Summary
Methods
- io.vertx.core.Future<io.vertx.core.json.JsonObject> parseCredentials(MqttConnectContext context)
  Validates a client certificate and extracts credentials from it.
Methods inherited from class org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler
authenticateDevice, getAuthProvider
Constructor Detail
X509AuthHandler
public X509AuthHandler(X509Authentication clientAuth, DeviceCredentialsAuthProvider<SubjectDnCredentials> authProvider)
Creates a new handler.
Parameters:
clientAuth - The service to use for validating the client's certificate path.
authProvider - The authentication provider to use for verifying the device identity.
Throws:
NullPointerException - if client auth is null.
X509AuthHandler
public X509AuthHandler(X509Authentication clientAuth, DeviceCredentialsAuthProvider<SubjectDnCredentials> authProvider, PreCredentialsValidationHandler<MqttConnectContext> preCredentialsValidationHandler)
Creates a new handler.
Parameters:
clientAuth - The service to use for validating the client's certificate path.
authProvider - The authentication provider to use for verifying the device identity.
preCredentialsValidationHandler - An optional handler to invoke after the credentials got determined and before they get validated. Can be used to perform checks using the credentials and tenant information before the potentially expensive credentials validation is done. A failed future returned by the handler will fail the corresponding authentication attempt.
Throws:
NullPointerException - if client auth is null.
Method Detail
parseCredentials
public io.vertx.core.Future<io.vertx.core.json.JsonObject> parseCredentials(MqttConnectContext context)
Validates a client certificate and extracts credentials from it.
The JSON object returned will contain
- the subject DN of the validated client certificate in the "subject-dn" property,
- the tenant that the device belongs to in the "tenant-id" property and
- the device's MQTT client identifier in the "client-id" property
Parameters:
context - The MQTT context for the client's CONNECT packet.
Returns:
A future indicating the outcome of the operation. The future will succeed with the client's credentials extracted from the CONNECT packet or it will fail with a ServiceInvocationException indicating the cause of the failure.
Throws:
NullPointerException - if the context is null
IllegalArgumentException - if the context does not contain an MQTT endpoint.