Bugfix/28007 config fixes (#689)
* fix null fields

* make auth nullable again to avoid empty strings in the config that can not be parsed back.

* fix opcua test
DC2-DanielKrueger authored Dec 11, 2024
1 parent 14cbfb9 commit 0875ec7
Showing 4 changed files with 32 additions and 26 deletions.
Expand Up @@ -16,6 +16,7 @@
package com.hivemq.edge.adapters.opcua.client;

import com.google.common.collect.ImmutableList;
import com.hivemq.edge.adapters.opcua.config.Auth;
import com.hivemq.edge.adapters.opcua.config.BasicAuth;
import com.hivemq.edge.adapters.opcua.config.Keystore;
import com.hivemq.edge.adapters.opcua.config.OpcUaSpecificAdapterConfig;
Expand Down Expand Up @@ -50,8 +51,8 @@ public class OpcUaClientConfigurator implements Function<OpcUaClientConfigBuilde
private final @NotNull OpcUaSpecificAdapterConfig adapterConfig;
private final @NotNull String adapterId;

public OpcUaClientConfigurator(final @NotNull OpcUaSpecificAdapterConfig adapterConfig,
final @NotNull String adapterId) {
public OpcUaClientConfigurator(
final @NotNull OpcUaSpecificAdapterConfig adapterConfig, final @NotNull String adapterId) {
this.adapterConfig = adapterConfig;
this.adapterId = adapterId;
}
Expand Down Expand Up @@ -112,10 +113,9 @@ public OpcUaClientConfigurator(final @NotNull OpcUaSpecificAdapterConfig adapter

private boolean checkAuthEnabled() {
//check that at least one auth method (Basic or X509) is enabled
return adapterConfig.getAuth() != null &&
(adapterConfig.getAuth().getBasicAuth() != null ||
(adapterConfig.getAuth().getX509Auth() != null &&
adapterConfig.getAuth().getX509Auth().isEnabled()));
final Auth auth = adapterConfig.getAuth();
return auth != null &&
(auth.getBasicAuth() != null || (auth.getX509Auth() != null && auth.getX509Auth().isEnabled()));
}

private void configureIdentityProvider(
Expand All @@ -124,16 +124,20 @@ private void configureIdentityProvider(
final @Nullable KeystoreUtil.KeyPairWithChain keyPairWithChain) {

final ImmutableList.Builder<IdentityProvider> identityProviderBuilder = ImmutableList.builder();
final X509Auth x509Auth = adapterConfig.getAuth().getX509Auth();
final boolean x509AuthEnabled = x509Auth != null && x509Auth.isEnabled();
if (x509AuthEnabled && tlsEnabled && keyPairWithChain != null) {
identityProviderBuilder.add(new X509IdentityProvider(Arrays.asList(keyPairWithChain.getCertificateChain()),
keyPairWithChain.getPrivateKey()));
}
final Auth auth = adapterConfig.getAuth();

if (auth != null) {
final X509Auth x509Auth = auth.getX509Auth();
final boolean x509AuthEnabled = x509Auth != null && x509Auth.isEnabled();
if (x509AuthEnabled && tlsEnabled && keyPairWithChain != null) {
identityProviderBuilder.add(new X509IdentityProvider(Arrays.asList(keyPairWithChain.getCertificateChain()),
keyPairWithChain.getPrivateKey()));
}

if (adapterConfig.getAuth().getBasicAuth() != null) {
final BasicAuth basicAuth = adapterConfig.getAuth().getBasicAuth();
identityProviderBuilder.add(new UsernameProvider(basicAuth.getUsername(), basicAuth.getPassword()));
if (auth.getBasicAuth() != null) {
final BasicAuth basicAuth = auth.getBasicAuth();
identityProviderBuilder.add(new UsernameProvider(basicAuth.getUsername(), basicAuth.getPassword()));
}
}

final ImmutableList<IdentityProvider> identityProviders = identityProviderBuilder.build();
Expand All @@ -145,7 +149,7 @@ private void configureIdentityProvider(
}

@NotNull
private DefaultClientCertificateValidator createServerCertificateValidator(@NotNull Tls tlsConfig) {
private DefaultClientCertificateValidator createServerCertificateValidator(@NotNull final Tls tlsConfig) {
final List<X509Certificate> trustedCerts;
final boolean truststoreAvailable = checkTruststoreAvailable(tlsConfig);
if (truststoreAvailable) {
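Review bot: In configureIdentityProvider the X509 identity is skipped without any signal when `x509Auth.isEnabled()` is true but `tlsEnabled` is false or `keyPairWithChain` is null, so an adapter configured for certificate authentication may continue with only the username provider or with an empty provider list. What the client does with an empty list is decided after `identityProviderBuilder.build()`, outside this hunk, so the exact fallback is not visible here. I would make the misconfiguration explicit before the `add` call, for example `if (x509AuthEnabled && (!tlsEnabled || keyPairWithChain == null)) { throw new IllegalStateException("X509 auth is enabled for adapter '" + adapterId + "' but TLS or the keystore is not available"); }`, or at least report it at warn level. The new `auth == null` path also deserves a one-line comment such as `// no auth block configured: no identity provider is added here`.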
Expand Up @@ -16,6 +16,7 @@
package com.hivemq.edge.adapters.opcua.config;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.hivemq.adapter.sdk.api.annotations.ModuleConfigField;
import com.hivemq.adapter.sdk.api.config.ProtocolSpecificAdapterConfig;
Expand Down Expand Up @@ -56,7 +57,8 @@ public class OpcUaSpecificAdapterConfig implements ProtocolSpecificAdapterConfig
private final boolean overrideUri;

@JsonProperty("auth")
private final @NotNull Auth auth;
@JsonInclude(JsonInclude.Include.NON_NULL)
private final @Nullable Auth auth;

@JsonProperty("tls")
private final @NotNull Tls tls;
Expand All @@ -79,7 +81,7 @@ public OpcUaSpecificAdapterConfig(
@JsonProperty("security") final @Nullable Security security) {
this.uri = uri;
this.overrideUri = requireNonNullElse(overrideUri, false);
this.auth = requireNonNullElse(auth, new Auth(null, null));
this.auth = auth;
this.tls = requireNonNullElse(tls, new Tls(false, null, null));
this.opcuaToMqttConfig =
Objects.requireNonNullElseGet(opcuaToMqttConfig, () -> new OpcUaToMqttConfig(null, null));
Expand All @@ -92,7 +94,7 @@ public OpcUaSpecificAdapterConfig(
return uri;
}

public @NotNull Auth getAuth() {
public @Nullable Auth getAuth() {
return auth;
}
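Review bot: `getAuth()` now returns null where it used to return an empty `Auth`, and nothing on the field or the getter says what null means for a connection. Only OpcUaClientConfigurator is updated in this commit; any other caller that still dereferences the result (none is visible on this page) would now throw a NullPointerException, so the remaining call sites are worth a search. I would add Javadoc on the getter, `/** @return the configured authentication, or {@code null} when the config has no auth block and no user identity is configured */`, so that the absence of credentials reads as a deliberate state rather than an accident of serialization.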

Expand Up @@ -16,24 +16,29 @@
package com.hivemq.edge.adapters.opcua.config;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.hivemq.adapter.sdk.api.annotations.ModuleConfigField;
import org.jetbrains.annotations.Nullable;

import java.util.Objects;

import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;

public class Tls {

@JsonProperty("enabled")
@ModuleConfigField(title = "Enable TLS", description = "Enables TLS encrypted connection", defaultValue = "true")
private final boolean enabled;

@JsonProperty("keystore")
@JsonInclude(NON_NULL)
@ModuleConfigField(title = "Keystore",
description = "Keystore that contains the client certificate including the chain. Required for X509 authentication.")
private final @Nullable Keystore keystore;

@JsonProperty("truststore")
@JsonInclude(NON_NULL)
@ModuleConfigField(title = "Truststore",
description = "Truststore wich contains the trusted server certificates or trusted intermediates.")
private final @Nullable Truststore truststore;
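Review bot: The `enabled` field advertises `defaultValue = "true"` in its `@ModuleConfigField`, while OpcUaSpecificAdapterConfig falls back to `new Tls(false, null, null)` when the tls block is absent and the default-config test asserts that `tls.isEnabled()` is false. If the annotation feeds the configuration schema or UI, an operator could believe connections are encrypted by default when they are not; how the Tls constructor treats a missing `enabled` value is outside this hunk. Either align the annotation, `defaultValue = "false"`, or make the fallback match the advertised default. Separately, this file uses the static import `NON_NULL` while OpcUaSpecificAdapterConfig spells out `JsonInclude.Include.NON_NULL`; one form across the package would read better.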
Expand Up @@ -130,10 +130,7 @@ public void convertConfigObject_defaults_valid() throws Exception {
assertThat(config.getOverrideUri()).isFalse();
assertThat(config.getSecurity().getPolicy()).isEqualTo(NONE);

assertThat(config.getAuth()).satisfies(auth -> {
assertThat(auth.getBasicAuth()).isNull();
assertThat(auth.getX509Auth()).isNull();
});
assertThat(config.getAuth()).isNull();

assertThat(config.getTls()).satisfies(tls -> {
assertThat(tls.isEnabled()).isFalse();
Expand Down Expand Up @@ -243,9 +240,7 @@ public void unconvertConfigObject_default_valid() {
final Map<String, Object> opcuaToMqtt = (Map<String, Object>) config.get("opcuaToMqtt");
assertThat((List<Map<String, Object>>) opcuaToMqtt.get("opcuaToMqttMappings")).isNull(); // must be empty

final Map<String, Object> authMap = (Map<String, Object>) config.get("auth");
assertThat((Map<String, Object>) authMap.get("basic")).isNull();
assertThat((Map<String, Object>) authMap.get("x509")).isNull();
assertThat(config.get("auth")).isNull();

final Map<String, Object> tlsMap = (Map<String, Object>) config.get("tls");
assertThat(tlsMap.get("enabled")).isEqualTo(false);
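Review bot: The two updated assertions pin the absent-auth shape in each direction separately, but nothing visible here feeds the unconverted map back through the converter, which is the failure the commit message describes (config that cannot be parsed back). A round-trip case that converts the default config, unconverts it, converts the result again and compares the two objects would keep that regression from returning; a second case with only basic auth set would cover the non-null branch. Both test methods start and end outside these hunks, so such a test may already exist elsewhere in the file.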